Re: [PHP] Re: [PHP-DB] Re: [PHP] Passing variables to a PHP script on clicking a hyperlink

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/24/07, Suamya Srivastava <suamya.srivastava@xxxxxxxxxxxxx> wrote:
> Hi..
>
> in the settings, session.use_cookies is turned ON but session.trans_sid is
> turned OFF. do i need to enable this as well?
> by doing this can i disable the register_globals?
>  - suamya

You need to make sure session_start() is called on all pages to be
able to read/write the session data. This is probably the case.

I have never needed to use trans_sid. It introduces some complexities
that I don't think are needed.

$_REQUEST is basically a new way of doing register_globals, which is a
security issue. register_globals can allow a savvy user to overwrite a
variable with another source - say you wanted a POST variable, a user
could supply GET instead. or if you want it to come from a cookie
using $_COOKIE it could be overridden using GET. If that makes sense.
There's a lot of information about it. It was disabled by default a
while back. Never enable it. You do not need it, period. Anyone
telling you to enable it or reading somewhere you need to enable it is
*absolutely* incorrect.

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux