Is putting $_GET in headers safe? (PHP)
Posted
by ggfan
on Stack Overflow
See other posts from Stack Overflow
or by ggfan
Published on 2010-05-08T17:57:37Z
Indexed on
2010/05/08
18:08 UTC
Read the original article
Hit count: 151
php
In my profile.php
script, I have a flag function that allows users to flag that user.
If they flag a user, it sends data (user_id
, reason
, etc) to a file called flag.php
which does all the banning and stuff. The data is sent to flag.php
through
header("Location: flag.php?user_id=___&reason=___")
Then in flag.php
, after it does all the banning, it redirects the user back to the profile through another header. The user never sees the flag.php
.
Is my flag.php
safe? because they never see the script?
© Stack Overflow or respective owner