Menu
Community /Pin to ProfileBookmark
@NogDogJul 13.2010 — #Regardless of whether you need to store a query in the session data (I'm not convinced that should be the case), you probably do not need to encrypt it since it stays on the server (only the session ID is sent to the client). If you are concerned that you're on a shared server and someone might be able to view your session data, then you could use your database to store the session data .
Ultimately, if you do need to encrypt your data, you need to use anencryption function rather than a hashing function such as md5().@NogDogJul 14.2010 — #
No, the session data is never sent to the client, only the session ID cookie is.
Not 100% sure why you want to do that, but it seems to me more like something you would do in a config file that you could then include/require wherever you might need it, either setting that query string as a variable or constant, or defining a function to handle it where you could pass the WHERE clause as a function argument.
concatenate a MD5 string with another
Hello people
I Have a MySQL query that i want to send to a different page. To make it secure before it is sent I am MD5()ing the string. Then sending the data using sessions.
When the second page receives the string i want to add a new string to the end of the MD5() string. Basically to change the where clause
Not sure if MD5 is the best way to encrypt or if there is a better way to move variables other than a session.
[code=php]
//First page.
session_start();
$q = “SELECT Field_1, Field_2 FROM `some_table`”;
$_SESSION[‘query’] = md5($q);
[code=php]
//Second Page
session_start();
$q = $_SESSION[‘query’];
$query = $q . ” WHERE Field_1=’123′;”;
$run = @mysqli_query($dbc, $query);
//get info from database…..
Any ideas would be very appreciated!
Thanks
Joe?
Sign in
to post a comment6 Comments(s) ↴
0
@NogDogJul 13.2010 — #Regardless of whether you need to store a query in the session data (I'm not convinced that should be the case), you probably do not need to encrypt it since it stays on the server (only the session ID is sent to the client). If you are concerned that you're on a shared server and someone might be able to view your session data, then you could use your Ultimately, if you do need to encrypt your data, you need to use an
0
@NogDogJul 14.2010 — #I have been wondering about how sessions are shown on the client side. So there is no way that a user can access the data stored in a session?[/quote]
No, the session data is never sent to the client, only the session ID cookie is.
the reason i only want to enter the query once (as a variable) is so I can use the same login script for multiple login areas on the same site. Other wise I will have to duplicate all the login pages just to change one line of query information.
any ides on how this could be better accomplished?[/QUOTE]
Not 100% sure why you want to do that, but it seems to me more like something you would do in a config file that you could then include/require wherever you might need it, either setting that query string as a variable or constant, or defining a function to handle it where you could pass the WHERE clause as a function argument.