Posted by Colin McKinnon on 05/10/05 17:31
dracolytch@gmail.com wrote:
> Good day all,
> Ok, I have a pretty tricky problem that I need some help with.
>
> I pass around search query information a fair amount (specifically
> WHERE statements). Normally, I just rawurlencode() the buggers, and
> pass them via the URL. I like having the where clauses in the URL,
> because then someone can just bookmark the URL, or send it to a friend,
> and I don't have to worry about a thing.
>
SQL injection?
I use mcrypt to encrypt it using AES, then base64 encode it. The encryption
prevents people modifying the code (I actually encode($check .
$where_clause) so I can validate on $check). The base64 encode bit means I
don't need to worry about whether it is urlencoded or not (although the
'==' at the end gets stripped off if I include it in a URL without encoding
it, base64decode interprets it just the same).
HTH
C.
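The approach above relies on encryption to stop modification, but a cipher by itself only hides the clause; a plaintext `$check` prefix inside an unauthenticated mode is not a reliable integrity check. The following is an added example, not Colin's code and not from the original thread: it seals the WHERE clause with AES-256-GCM, whose authentication tag replaces the `$check` trick and rejects any altered or truncated token, and it uses URL-safe base64 (no `+`, `/` or trailing `=`) so the token can be dropped into a URL without `rawurlencode()`. It assumes PHP 7.1 or later with the openssl extension; `search.php`, the key handling and the sample clause are constructed for illustration.

```php
<?php
// Added example (not from the original post): authenticated URL tokens for a
// WHERE clause. Assumes PHP >= 7.1 with the openssl extension (AES-256-GCM).

const WHERE_KEY_LEN = 32;   // AES-256 key: 32 random bytes, stored server-side only

// URL-safe base64: '+' -> '-', '/' -> '_', and the '=' padding is dropped so the
// token survives being pasted into a URL without rawurlencode().
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// base64_decode() tolerates the missing '=' padding, as the post notes.
// Strict mode rejects any character outside the base64 alphabet.
function b64url_decode(string $txt) {
    return base64_decode(strtr($txt, '-_', '+/'), true);
}

// Seal a WHERE clause into a token: 12-byte nonce || 16-byte GCM tag || ciphertext.
function seal_where(string $where, string $key): string {
    $iv  = random_bytes(12);    // fresh 96-bit nonce for every token
    $tag = '';
    $ct  = openssl_encrypt($where, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return b64url_encode($iv . $tag . $ct);
}

// Open a token. Returns the original clause, or null when the token is
// truncated, altered, or was sealed under a different key (tag check fails).
function open_where(string $token, string $key): ?string {
    $raw = b64url_decode($token);
    if ($raw === false || strlen($raw) < 12 + 16) {
        return null;
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    $pt  = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;
}

// Usage with constructed sample values.
$key   = random_bytes(WHERE_KEY_LEN);  // in practice loaded from server config, never from the request
$where = "WHERE status = 'open' AND owner_id = 42";
$token = seal_where($where, $key);
$url   = 'search.php?q=' . $token;     // hypothetical endpoint; no rawurlencode() needed

var_dump(open_where($token, $key) === $where);   // bool(true)

// A token with a single character changed fails the GCM tag check, so the
// clause never reaches the database; the request can be rejected outright.
$damaged = ($token[0] === 'A' ? 'B' : 'A') . substr($token, 1);
var_dump(open_where($damaged, $key));            // NULL
```

The design point is that a clause which opens successfully is, by construction, one the server itself sealed, so the SQL injection worry raised above is answered by the tag check rather than by trusting the URL. Keep the key out of the request entirely, and treat a null from `open_where()` as a request to refuse, not as an empty filter.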