Is it safe to make mysql queries using cookie values?

-1

Hello, I made a system that works, but I am doubtful whether it is safe to use, and I want to ensure that it has greater security, or at least try to obtain it. I’m using a function that only reads numbers in MySQL, but I’m still a beginner and would like a second opinion.

Could someone please let me know if it’s safe or if there’s anything else to keep safe?

Code:

$id = $_COOKIE["id"]; // Cookie name
$novoId = "$cont[id]"; // New id; example value "1,2,3,4", the new value is appended after the comma

if (!preg_match("/\b{$novoId}\b/", $id)) {
    setcookie("id", $id .= "{$novoId},");
}

$historico = explode(",", $id);

$histanime = array_filter($historico, function($value) {
    /* Returns only the integers */
    return is_numeric($value);
});

if(($quantidade = count($histanime)) > 30){
    $histanime = array_slice($histanime, $quantidade - 30, 30);
}

$ids5 = implode(",", $histanime) ;

and the MySQL query is made with a while:

$cont = mysql_query("SELECT title,titulo2,url,imagen FROM `lista` WHERE aid IN($ids5)");
while (list($title, $titulo2, $url, $Imagen) = mysql_fetch_array($cont))
  • It can only query numbers, @Marcelo Rafael; users are saved in another table. As for the numbers, they represent only the ids of the site's pages.

1 answer

1

First, functions with the mysql_ prefix are obsolete and were removed in PHP 7; to ensure that your code works, use PDO or MySQLi.

As for security, using cookies gives the same level of safety as using POST and GET: any user can change the values and try an SQL injection attack. So the problem is not whether it is COOKIE, POST or GET; the important thing is that you ensure the values passed do not contain unexpected data.

The way you did it, only the numeric type passes:

$histanime = array_filter($historico, function($value) {
    /* Returns only the integers */
    return is_numeric($value);
});

This probably already guarantees some security, so the origin does not matter; what matters is the treatment you give to this data.

People think that the security flaw is exclusively linked to it being a cookie, GET or POST; there are people who believe that POST is safer, which is a mistake. Anyone who has mastered a little HTTP can, with a tool like wget or curl, try attacking your server, so what’s important to resolve is:

  • the processing of the data (what you have already done)
  • carefully review the code
  • use modern APIs
  • if possible use bindParam (or bindValue)

  • In this case the ids passed, the "numbers", would only be ids of the site's pages. As for the PHP version I am using, I think it is 5.4 or 5.3.

  • @Gabriel PHP 5.3 and 5.4 are already old; there are still servers that use them, but the future is PHP 7 (we are already at 7.2). Change your code to MySQLi or PDO as soon as possible, because if your servers upgrade and abandon old versions of PHP then your code will fail, since functions with the mysql_ prefix have long been discouraged.

  • @Gabriel yes, I understood that there are only numbers; I commented on this myself in the answer, regarding your use of array_filter. What matters is to understand that it is not the COOKIE that is insecure (technically), but rather the treatment given to the "data", which you already solve by filtering them.
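
The answer's advice (filter the values, then use a modern API with bindValue), as an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite database standing in for MySQL, hypothetical helper names `parseIdHistory` and `fetchHistory`, a constructed cookie value and sample rows, and the `lista` table with the `aid`, `title` and `url` columns from the question; it swaps `is_numeric` for the stricter `ctype_digit`, which rejects values such as `1e3` or `-3`.

```php
<?php
// Added example: helper names are hypothetical; table and columns come from the question.

/** Parse a comma-separated cookie value into at most $max unique positive integer ids. */
function parseIdHistory(?string $cookie, int $max = 30): array
{
    $ids = [];
    foreach (explode(',', (string) $cookie) as $part) {
        // ctype_digit accepts only the characters 0-9, so signs, exponents, decimals,
        // spaces and empty strings are rejected. The length cap avoids integer overflow.
        if (ctype_digit($part) && strlen($part) <= 9 && (int) $part > 0) {
            $ids[(int) $part] = (int) $part;   // keyed by id to de-duplicate
        }
    }
    return array_slice(array_values($ids), -$max); // keep the newest $max entries
}

/** Fetch rows for the given ids using one bound placeholder per id. */
function fetchHistory(PDO $pdo, array $ids): array
{
    if ($ids === []) {
        return [];                             // "IN ()" is a syntax error, so skip the query
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt  = $pdo->prepare("SELECT aid, title, url FROM lista WHERE aid IN ($marks)");
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT); // positional parameters are 1-based
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE lista (aid INTEGER PRIMARY KEY, title TEXT, url TEXT)');
$pdo->exec("INSERT INTO lista VALUES (1,'A','/a'), (2,'B','/b'), (3,'C','/c')");

// Constructed cookie value mixing valid ids with tampered entries.
$cookie = '1,2,2,1e3,-3,0x10,3 OR 1=1,';
$ids    = parseIdHistory($cookie);
print_r($ids);
print_r(fetchHistory($pdo, $ids));
var_dump(fetchHistory($pdo, parseIdHistory(null))); // missing cookie: no query is run
```

In a real request the cookie would be read as `is_string($_COOKIE['id'] ?? null) ? $_COOKIE['id'] : null`, since a client can also send the cookie as an array.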
