Do you encode all your variables that you pass?

bradles
Forum Commoner
Posts: 89
Joined: Wed Jun 30, 2004 10:40 pm

Do you encode all your variables that you pass?

Post by bradles »

When passing variables to the new page, do you always encode them? I have not yet learned how to do this but was just wondering what sort of security hazards there are if you don't encode them.

Brad
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

what kind of encoding? encryption? ... or ... url encoding?
bradles
Forum Commoner
Posts: 89
Joined: Wed Jun 30, 2004 10:40 pm

Post by bradles »

Hi Feyd,

Not sure even if I'm barking up the right tree here, but I saw a www address that had this after the last "/":

preview.mgi?mgiToken=BC2GMIC77F137BM3AJ&a=A00000-488&lg=0&c=0008&g=1&d=2453258&p=1

I just assumed that the token was encoded as it looked like gibberish. Sorry if I'm off track here.

Brad.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

yes, that's an encoding of sorts... you can create your own versions of this, or use existing ones.. even play around with existing ones to make them your own.. although it looks like 'token' is their session id system...
bradles
Forum Commoner
Posts: 89
Joined: Wed Jun 30, 2004 10:40 pm

Post by bradles »

Awesome...thanks feyd.

Is this sort of thing done most of the time...or do most people not worry about encoding variables?

Brad.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

depends on how secure you care for that data to be.. the more secure you want it, the more encryption/protection you'll want/need on it. however, the more secure you go, the farther away from url parameters you get.
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

If data was that sensitive, I wouldn't recommend passing it via GET. It should be sent via POST on a 128-bit SSL enabled server.
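
The difference the thread raises between URL encoding and protecting a value, as an added example that is not part of the original posts: URL encoding only makes a value safe to carry in a link, while a keyed hash (HMAC, a technique chosen for this example and not named in the thread) lets the receiving page detect edited parameters. The key, the function names and the sample values are assumptions made for illustration.

```php
<?php
// Added example: key, function names and sample values are constructed.

// Assumption: a server-side secret, normally loaded from configuration.
const URL_SIGNING_KEY = 'constructed-demo-key-change-me';

// Build a query string. http_build_query() URL-encodes every value so it
// survives transport; the HMAC over the encoded string makes edits detectable.
function build_signed_query(array $params): string
{
    ksort($params); // fixed order so signer and verifier hash the same bytes
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    return $query . '&sig=' . hash_hmac('sha256', $query, URL_SIGNING_KEY);
}

// Verify a received query string. Returns the parameters, or null when the
// signature is missing or does not match (a parameter was changed).
function verify_signed_query(string $queryString): ?array
{
    parse_str($queryString, $params);
    if (!isset($params['sig']) || !is_string($params['sig'])) {
        return null;
    }
    $sig = $params['sig'];
    unset($params['sig']);
    ksort($params);
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    $expected = hash_hmac('sha256', $query, URL_SIGNING_KEY);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $sig) ? $params : null;
}

// Constructed sample: the 'name' value contains characters that would break
// the link, or add a parameter, if it were not URL-encoded.
$link = build_signed_query(['g' => '1', 'p' => '1', 'name' => 'a&b=c']);
echo $link, "\n"; // values are still readable: signing is not encryption

// Unmodified link verifies; a link with one parameter edited does not.
var_dump(verify_signed_query($link) !== null);
$tampered = str_replace('p=1', 'p=2', $link);
var_dump(verify_signed_query($tampered) !== null);
```

Signing only detects changes; anything that must stay confidential belongs in server-side session data rather than in the URL.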