| Re: PHP mysql_excape but need to search for those items [message #178380 is a reply to message #178362] |
Tue, 12 June 2012 09:32   |
Arno Welzel
Messages: 317
Registered: October 2011
Karma:
|
Senior Member |
|
|
mrgushi, 11.06.2012 19:01:
> Jerry,
> This is what I'm working with so far.
>
> not sure if I've escaped everything I needed too.
>
> $ENG = mysql_real_escape_string($ENG);
> $result = mysql_query("SELECT * FROM br_test WHERE ENG LIKE '$ENG' ");
> $row = mysql_fetch_array( $result );
>
> The $ENG is the input from the search form..
> The JS problem is valid but then again it will be in a locked down iOS
> app using PhoneGAp. An I'll be using a HTTPs tunnel to the PHP
> scripts.. use some sort of cookie with a SSL flag to lock it down. So
And this will prevent HTTP requests via SSL by an attacker from
somewhere? Why? Will the queries only be executed, if there is a "valid"
cookie? And why is the cookie "valid"? An attacker can not establish an
SSL connectio to your server? An attacker can not generate "valid"
cookies on his own and use them with curl/wget etc.?
Just to think about...
--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]