Yes, you can use SQL injection through GET and cookies. Pretty much anything. ALL information coming from the client that is going to be processed in a query should be put through some kind of filter such as the one I provided. My advice, if you are using cookies, is that when a user first visits a page you 1. pull the cookie, 2. filter it, and 3. assign it to a session. I'm kinda biased, but I always find sessions to be easier to handle, and once you've assigned a session you no longer have to worry so much about security as you would if you kept the cookie the whole way through; you would have to keep checking it.
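The three steps from the post above (pull the cookie, filter it, assign it to a session), as an added example that is not part of the original post. It assumes a hypothetical `user_id` cookie holding a numeric id, an in-memory dict standing in for the server-side session store, and SQLite; it goes one step beyond the post by also binding the value as a query parameter.

```python
import re
import secrets
import sqlite3

# Hypothetical cookie format for this example: a numeric user id, 1-10 digits.
USER_ID_RE = re.compile(r"[0-9]{1,10}")

SESSIONS = {}  # in-memory stand-in for a server-side session store


def filter_user_id(raw):
    """Allow-list filter: return the id as int, or None if the cookie is malformed."""
    if raw is None or not USER_ID_RE.fullmatch(raw):
        return None
    return int(raw)


def start_session(cookies):
    """First visit: 1. pull the cookie, 2. filter it, 3. assign it to a session."""
    user_id = filter_user_id(cookies.get("user_id"))
    if user_id is None:
        return None  # reject instead of trying to repair the value
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user_id": user_id}
    return sid


def lookup_name(db, sid):
    """Later requests read the validated value from the session, not the cookie."""
    session = SESSIONS.get(sid)
    if session is None:
        return None
    # Bound parameter: the value never becomes part of the SQL text.
    row = db.execute(
        "SELECT name FROM users WHERE id = ?", (session["user_id"],)
    ).fetchone()
    return row[0] if row else None


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    good = start_session({"user_id": "2"})         # constructed sample cookie
    bad = start_session({"user_id": "2 OR 1=1"})   # constructed malformed cookie
    return lookup_name(db, good), bad
```
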