security after enabling query strings

security after enabling query strings - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: security after enabling query strings (/showthread.php?tid=14406)

security after enabling query strings - El Forum - 01-01-2009

[eluser]learnq[/eluser]
Hi,
I have to enable query_strings for paypal &other;payment getway as they return
through GET.
Now , as I enable query strings CI do not filter the datas by default.
If I take all data like

Code:
$name = $this->input->post('name',TRUE) ; 

$name = $this->input->get('name',TRUE) ;

am I safe ? If not, how can I filter the data in better way ?

Thanks.

security after enabling query strings - El Forum - 01-01-2009

[eluser]johnwbaxter[/eluser]
Paypal can return through post, you just need to specify post as the return method in the data you send to them each time, and I bet other payment gateways all allow post, I've never used one that doesn't.

security after enabling query strings - El Forum - 01-01-2009

[eluser]learnq[/eluser]
are you sure about paypal ? both IPN & PDT ?
Another Payment gatway that I am using does not support POST.
Anyway , what is the best way to secure data when query string is enable >
Thanks.