Posted by larry on 10/31/07 20:31
On Oct 31, 9:36 am, +mrcakey <mrca...@nospam.nospam> wrote:
> Essentially then register_globals exposes ALL your variables to attack
> from outside rather than just those you're fetching explicitly from
> $_GET, $_POST etc. I understand now. Thanks to all who replied.
>
> +mrcakey

Note: If you can't be sure your code is going to be always in a
globals off environment, it is recommended all variables used in the
script are initialized early on in the script (even the empty ones).
Also one gotcha with globals on is if you do $foo = $_POST['foo'];
don't initialize $foo until you've made sure $_POST['foo'] is empty.
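
The two points in the post above, as an added example that is not part of the original thread: register_globals was removed in PHP 5.4, so `extract()` with `EXTR_SKIP` on constructed request data stands in for it, and the function names, the `$is_admin` flag and the request values are hypothetical.

```php
<?php
// Added illustration, not code from the thread.
// extract(..., EXTR_SKIP) stands in for register_globals = On: request
// parameters appear as plain variables before the page logic runs.

// Hypothetical page logic that assumes $is_admin is unset unless login succeeds.
function page_uninitialized(array $request, bool $login_ok): string
{
    extract($request, EXTR_SKIP);
    if ($login_ok) {
        $is_admin = true;
    }
    // A request parameter named is_admin is already in scope at this point.
    return !empty($is_admin) ? 'admin panel' : 'denied';
}

// Same logic with the variable initialized early, as the post recommends.
function page_initialized(array $request, bool $login_ok): string
{
    extract($request, EXTR_SKIP);
    $is_admin = false;   // overwrites anything the request injected
    if ($login_ok) {
        $is_admin = true;
    }
    return $is_admin ? 'admin panel' : 'denied';
}

// The $_POST gotcha: take the value from the POST data explicitly and use the
// default only when that field is empty, so the default never clobbers it.
function read_foo(array $post): string
{
    return !empty($post['foo']) ? (string) $post['foo'] : '';
}

// Constructed sample input: a request carrying ?is_admin=1 from a caller
// who has not passed login, and a POST body with a foo field.
$forged = ['is_admin' => '1'];

echo page_uninitialized($forged, false), "\n";
echo page_initialized($forged, false), "\n";
echo page_initialized($forged, true), "\n";
echo read_foo(['foo' => 'bar']), "\n";
```

With the constructed request, the uninitialized version takes the admin branch for a caller who failed login, while the initialized version only takes it when `$login_ok` is true.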