<p>Your script is secure and protects against basic session hijacking attempts, too.</p>

<p>You should consider checking by a <code>/24</code> mask (and maybe add some more checks, <code>HTTP_USER_AGENT</code> checking, cookie checking, etc) - this will allow people with dynamic IPs to access your site, too.</p>

<p>You do not need to check if the <code>$_SESSION</code> variable has been modified by the user, as it's not possible (unless they have access to the server, and you're not doing mass-assignment from <code>$_POST</code> or something stupid like that).</p>

<p>Note: <code>mysql_*</code> functions are deprecated since <strong>PHP 5.5</strong>. You can switch to <a href="http://php.net/mysqli" rel="nofollow">MySQLi</a> or <a href="http://php.net/pdo" rel="nofollow">PDO</a>.</p>

<p>In reply to your comment, it's not entirely impossible for two users to have the same IP: <a href="http://en.wikipedia.org/wiki/IP_address#Uses_of_dynamic_address_assignment" rel="nofollow">dynamic IPs</a> (which have been getting more and more popular in ISP-provided routers due to the IPv4 exhaustion) and <a href="http://en.wikipedia.org/wiki/NAT" rel="nofollow">NAT</a> (which has also been getting more and more popular due to the same reason) can be two causes of this.</p>

<p>I've gone out of my way to provide an example <code>PDO</code> statement for you to work from:</p>

<pre><code>// Connect with PDO and have it throw exceptions instead of failing silently
$pdo = new PDO('mysql:dbname=session_test;host=127.0.0.1', 'root', '',
    [PDO::ATTR_ERRMODE =&gt; PDO::ERRMODE_EXCEPTION]);

// Prepared statement: the username is bound as a parameter, never interpolated into the SQL
$sth = $pdo-&gt;prepare("SELECT * FROM users WHERE username = ? LIMIT 1");
$sth-&gt;bindParam(1, $_SESSION['username']);
$sth-&gt;execute();
$user = $sth-&gt;fetch(PDO::FETCH_OBJ);

// fetch() returns false when no row matches; treat a missing user as a failed check
// rather than reading a property off false
if ($user === false || $user-&gt;ip !== $_SERVER['REMOTE_ADDR']) {
    exit("Session hijacking attempt found");
}
</code></pre>

<p>As <code>Cloudflare</code> is getting increasingly popular I'll throw in a recommendation to use <code>$_SERVER['CF_CONNECTING_IP']</code> on the condition that <code>$_SERVER['REMOTE_IP']</code> is one of Cloudflare's IPs.</p>
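As an added example (not part of the answer above), this PHP snippet implements the /24-mask IP comparison and the User-Agent check the answer recommends. The $session and $server arrays are constructed stand-ins for $_SESSION and $_SERVER, and the ip and ua_hash keys are assumed names for values captured at login.

```php
<?php
// Added example, not the answer's own code. Compares the IP recorded at login
// with the current client IP on the /24 network only, so a host whose last
// octet changes (typical for dynamic IPs) keeps its session, while a request
// from another network or another browser is flagged.

/** True when both IPv4 addresses share the same first 24 bits (same /24). */
function sameSlash24(string $storedIp, string $currentIp): bool
{
    $a = ip2long($storedIp);
    $b = ip2long($currentIp);
    if ($a === false || $b === false) {
        return false; // invalid or non-IPv4 input never matches
    }
    // Dropping the low 8 bits leaves the /24 network part on 32- and 64-bit PHP alike
    return ($a >> 8) === ($b >> 8);
}

/**
 * Decide whether the current request is inconsistent with the client recorded
 * in the session. $session holds the login-time values (assumed keys 'ip' and
 * 'ua_hash'); $server plays the role of $_SERVER.
 */
function sessionLooksHijacked(array $session, array $server): bool
{
    $currentIp = $server['REMOTE_ADDR'] ?? '';
    $currentUa = $server['HTTP_USER_AGENT'] ?? '';
    if (!sameSlash24($session['ip'], $currentIp)) {
        return true;
    }
    // A hash of the User-Agent is stored instead of the raw header;
    // hash_equals() compares in constant time.
    return !hash_equals($session['ua_hash'], hash('sha256', $currentUa));
}

// Constructed sample values (documentation-range addresses, made-up User-Agents).
$session = [
    'ip'      => '203.0.113.10',
    'ua_hash' => hash('sha256', 'Mozilla/5.0 (example)'),
];
$sameNetwork  = ['REMOTE_ADDR' => '203.0.113.200', 'HTTP_USER_AGENT' => 'Mozilla/5.0 (example)'];
$otherNetwork = ['REMOTE_ADDR' => '198.51.100.7',  'HTTP_USER_AGENT' => 'Mozilla/5.0 (example)'];
$otherBrowser = ['REMOTE_ADDR' => '203.0.113.10',  'HTTP_USER_AGENT' => 'curl/8.0'];

var_dump(sessionLooksHijacked($session, $sameNetwork));  // same /24, same UA: allowed
var_dump(sessionLooksHijacked($session, $otherNetwork)); // different /24: flagged
var_dump(sessionLooksHijacked($session, $otherBrowser)); // same IP, different UA: flagged
```

A /24 check is a heuristic: two clients behind the same NAT or on the same ISP block will pass it, so it complements, rather than replaces, a hard-to-guess session ID and proper cookie flags.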