At 5:36 PM +0000 1/9/07, Dave Goodchild wrote:
Wow, there are some really bitchy, unattractive people here. No
wonder some people bail out of IT. Don't confuse knowledge for
wisdom.
Dave:
I don't understand your comment. What I said below is good coding.
Never trust any input to be what you expect it to be.
An excellent book on this subject is Chris' book:
http://phpsecurity.org/
tedd
PS: Nice looking new site, Chris!
== previous
On 1/9/07, tedd <tedd@xxxxxxxxxxxx> wrote:
At 9:17 PM -0500 1/5/07, <tg-php@xxxxxxxxxxxxxxxxxxxxxx> wrote:
You'll probably get 50 answers to this, but here's probably what happened.
There's a setting called "register globals" that will turn your
name=me and age=27 into $name = "me" and $age = "27". It used to be
turned ON by default. This was generally considered to be bad
security, so it now defaults to OFF.
To get these variables, just use the $_GET system variable.
$name = $_GET['name'];
$age = $_GET['age'];
Easy!
Best of luck!
-TG
Just to add to -TG's advice, you should also clean those inputs. IOW,
make sure the values fall within what you expect. Basic security.
tedd
--
-------
http://sperling.com
http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
http://www.php.net/unsub.php
--
http://www.web-buddha.co.uk
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
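
An added example, not part of the original thread: one way to check that the `name` and `age` values read from `$_GET` fall within what is expected before using them. The function name `validate_person`, the name pattern and the age range are assumptions for illustration, and the sample inputs are constructed stand-ins for `$_GET`.

```php
<?php
// Allow-list validation for the thread's `name` and `age` parameters.
// The limits below (name pattern and length, age 0-150) are assumed for illustration.

function validate_person(array $input): array
{
    $errors = [];

    // Reject missing keys and non-strings (?name[]=x arrives as an array).
    $name = $input['name'] ?? null;
    if (!is_string($name) || !preg_match('/\A\p{L}[\p{L} \'-]{0,49}\z/u', $name)) {
        $errors[] = 'name';
        $name = null;
    }

    // FILTER_VALIDATE_INT rejects "27abc", "2.7", "" and out-of-range values.
    $age = $input['age'] ?? null;
    $age = is_string($age)
        ? filter_var($age, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0, 'max_range' => 150]])
        : false;
    if ($age === false) {
        $errors[] = 'age';
        $age = null;
    }

    return ['name' => $name, 'age' => $age, 'errors' => $errors];
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['name' => 'me', 'age' => '27'],
    ['name' => '<b>me</b>', 'age' => '27'],
    ['name' => 'me', 'age' => '27abc'],
    ['name' => ['x'], 'age' => '-5'],
    [],
];

foreach ($samples as $get) {
    $r = validate_person($get);
    if ($r['errors']) {
        echo 'rejected: ' . implode(', ', $r['errors']) . PHP_EOL;
    } else {
        // Validation does not replace escaping: encode for the output context.
        echo htmlspecialchars($r['name'], ENT_QUOTES, 'UTF-8') . ' is ' . $r['age'] . PHP_EOL;
    }
}
```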