|
|
Posted by Jerry Stuckle on 12/06/06 16:01
Geoff Berrow wrote:
> Message-ID: <lb2dnbcO6NE30OvYnZ2dnUVZ_qOdnZ2d@comcast.com> from Jerry
> Stuckle contained the following:
>
>
>>>So - as long as I explicitly reference $_SESSION[] when continuing a
>>>session, I'm not subject to the security vulnerabilities of
>>>register_globals, right?
>>>
>>
>>True - but ANY misstep can be disastrous. The problem is,
>>
>>$i = $MyVar;
>>
>>doesn't cause an error of $MyVar hasn't been explicitly assigned a value
>>in your code, but it is in the $_SESSION, $_POST, $_GET or $_COOKIES
>>(forgot the last one)
>
>
> $_REQUEST ?
>
$_REQUEST is just a synonym for both $_POST and $_GET. But I don't use
it - it's too easy for a hacker to substitute $_POST values in the $_GET
request.
If I want the form to be posted, I always use $_POST.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|