Re: [PHP] register_globals

Sancar Saran wrote:
On Wednesday 16 January 2008 15:33:04 Jochem Maas wrote:
tbt wrote:
Hi,

I'm a newbie to php and I would like to set register_globals to 'on' from
my php script itself (eg:- index.php). Is there any way of doing this?
you think you would like that. but you are wrong. register_globals is a
security risk in the hands of someone who doesn't know exactly what they
are doing.

besides which register_globals is deprecated. also you can search the
list archives for lots of posts that explain why register_globals is evil.

learn how to write your script without using register_globals - ask here if
you get stuck (but don't forget the manual!).

Thanks

Hell frezezer over.

odd verb. but I get the message. indeed it seems it hath freezeth nicely.

Me thinks register_globals are evil too.

And what about this

session_start();

$_SESSION['refString'] = $_GET['refNo'];

what about it?

1. you mean the fact that the GET val is not sanitized?
2. or the oddness of 'refNo' becoming 'refString' (is it a string, a number, superman)?
3. or the direct use of $_SESSION and the lack of specific session cookie settings?

1. is evil, 2. is odd and 3. is a change recommendation ... if you ask me.


Sancar


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
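
The three points raised in the reply above (unvalidated GET value, refNo turning into refString, no explicit session cookie settings), worked into one script as an added example that is not code from anyone in the thread. It assumes refNo is a positive integer, PHP 7.3 or later, and an HTTPS site; parseRefNo and startHardenedSession are hypothetical names.

```php
<?php
declare(strict_types=1);

// Assumption: refNo is a positive integer of 1 to 9 digits. The thread never
// says what it holds, so adjust this rule to the real format.
function parseRefNo(array $query): ?int
{
    $raw = $query['refNo'] ?? null;
    // Reject missing values and arrays (?refNo[]=1), which $_GET can carry.
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Start the session with explicit cookie settings instead of php.ini defaults.
function startHardenedSession(): void
{
    ini_set('session.use_strict_mode', '1');  // refuse ids the server did not issue
    ini_set('session.use_only_cookies', '1'); // never take the id from the URL
    session_set_cookie_params([               // array form needs PHP 7.3+
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,                   // assumes the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs so the validator can be exercised offline.
    $samples = [['refNo' => '1042'], ['refNo' => '12abc'], ['refNo' => ['1']], []];
    foreach ($samples as $q) {
        echo json_encode($q), ' => ', var_export(parseRefNo($q), true), PHP_EOL;
    }
} else {
    startHardenedSession();
    $refNo = parseRefNo($_GET);
    if ($refNo === null) {
        http_response_code(400);
        exit('Invalid refNo');
    }
    // Same key name on both sides, and only the validated integer is stored.
    $_SESSION['refNo'] = $refNo;
}
```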

