Re: Re: $_GET and $_POST arrays not working

I apologize, but I've never been able to access $_POST and $_GET in any 
context whatsoever without first turning on the register globals.


"John Nichel" <jnichel@xxxxxxxxxx> wrote in message 
news:4387AC03.1040302@xxxxxxxxxxxxx
> Matt Monaco wrote:
>> Somewhat, but it's what you need to do for the post and get arrays to 
>> work.
> <snip>
>
> No.  Things like $_POST and $_GET are global arrays and work regardless of 
> the register_globals setting.  The information you're handing out above is 
> wrong and dangerous.
>
> </snip>
>> What you need to do is make sure to check the values in the global variables 
>> before you use them.  For example if on one page you have a form for a 
>> user signup and <input type=text name='userName'> on the next page 
>> $_POST['userName'] should be checked for things like quotes and other 
>> characters that will alter your SQL statement before you actually INSERT 
>> that value into your table.
>
> i.e. they should be sanitized.  Things like mysql_real_escape_string() or 
> adding slashes (depending on your magic_quotes setting) should be done 
> prior to inserting any data.  Also, you should check to ensure that it's 
> the data you expect; if you only allow usernames to contain alpha-numeric 
> characters, then you should check for that.  Toss it out if it contains 
> something else.
>
> Best rule of thumb:  Never trust user input, regardless of the 
> register_globals setting.
>
> -- 
> By-Tor.com
> ...it's all about the Rush
> http://www.by-tor.com 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
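
An added example (not part of the thread and not any poster's code) of the two checks discussed above: an allow-list test that a username is alphanumeric, then the INSERT. It uses PDO prepared statements in place of the mysql_real_escape_string() call mentioned in the message, since the mysql_* extension was removed in PHP 7; the users table, the 3-32 character limit and the in-memory SQLite database are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. The table, column and
// length limit are assumptions made for illustration.

/** Allow-list check: the username if it is 3-32 ASCII letters/digits, else null. */
function validUserName($raw): ?string
{
    // $_POST values can be arrays (userName[]=x), so insist on a string first.
    if (!is_string($raw)) {
        return null;
    }
    // \A...\z anchors the whole string; "$" alone would accept a trailing newline.
    return preg_match('/\A[A-Za-z0-9]{3,32}\z/', $raw) === 1 ? $raw : null;
}

/** Validate the submitted form data and store the username; false if rejected. */
function signup(PDO $db, array $post): bool
{
    $name = validUserName($post['userName'] ?? null);
    if ($name === null) {
        return false; // not the data we expect: toss it out
    }
    // Bound parameter: the value is sent as data and never becomes SQL text.
    $stmt = $db->prepare('INSERT INTO users (user_name) VALUES (:name)');
    return $stmt->execute([':name' => $name]);
}

// In-memory SQLite stands in for the real database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY)');

// Constructed sample inputs standing in for $_POST.
$samples = [
    ['userName' => 'matt2005'],   // letters and digits only
    ['userName' => "o'brien"],    // contains a quote
    ['userName' => "admin\n"],    // trailing newline
    ['userName' => ['nested']],   // array instead of string
    [],                           // field missing
];
foreach ($samples as $post) {
    $result = signup($db, $post) ? 'stored' : 'rejected';
    printf("%-26s %s\n", json_encode($post), $result);
}
echo $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), " row(s) stored\n";
```

Only the first sample is stored; the check reads $_POST directly and behaves the same whatever register_globals is set to.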

