Posted by Christoph Burschka on 05/22/07 06:43
> <FORM ACTION="insert_data.php" METHOD=POST>
That doesn't have anything to do with register_globals (although on a
side note, I'd generally advise <form action="insert_data.php"
method="post"> because it's both easier to read and compliant with
XHTML). Look at the insert_data.php script instead.
In insert_data.php, the form values you sent should be referenced like
this: $_POST['field1'], $_POST['field2'], etc.
If they're used directly as $field1, $field2, etc., your code is
depending on register_globals to work, and may be vulnerable to a
certain kind of injection attack. Just replace $field1 with
$_POST['field1'], and it will be okay.
Of course, even a script that does not depend on register_globals is
only safe after register_globals is actually disabled.
--
Chris
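
Added example (not part of the original post): one way to write the field handling in insert_data.php so that it reads only the expected values from $_POST and refuses to run while register_globals is still enabled. The field names come from the post; the function names and the sample request are constructed for illustration.

```php
<?php
// Added example, not the poster's code. field1/field2 are the names used in
// the post; the function names and the sample request are hypothetical.

// True if register_globals is enabled. ini_get() returns false when the
// setting does not exist (it was removed in PHP 5.4).
function register_globals_enabled()
{
    $value = ini_get('register_globals');
    if ($value === false) {
        return false;
    }
    return in_array(strtolower(trim($value)), array('1', 'on', 'yes', 'true'), true);
}

// Copy only the expected form fields out of the request array, so the rest
// of the script never relies on a variable that the request itself created.
function read_form_fields(array $post, array $expected)
{
    $clean = array();
    foreach ($expected as $name) {
        if (!isset($post[$name]) || !is_string($post[$name])) {
            throw new InvalidArgumentException("missing or non-string field: $name");
        }
        $clean[$name] = $post[$name];
    }
    return $clean;
}

// A script that no longer depends on register_globals is only safe once the
// setting is actually off, so stop early if it is still enabled.
if (register_globals_enabled()) {
    exit("register_globals is on; disable it before using this script\n");
}

// Under a web server this array would be $_POST. A constructed request is
// used here so the example also runs from the command line.
$request = array('field1' => 'alice', 'field2' => 'hello', 'unexpected' => 'x');

// Keys that are not in the expected list are never copied.
$fields = read_form_fields($request, array('field1', 'field2'));
var_dump($fields);
```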