You are here: Re: How to call the session variable? « PHP Programming Language « IT news, forums, messages
Re: How to call the session variable?

Posted by Jerry Stuckle on 01/14/08 22:48

Kurda Yon wrote:
>> Because with register_globals on,
>>
>> http://www.example.com?admin=1
>>
>> sets $admin to 1 (true).
>>
> It is confusing because if I think about register_globals, I think
> that it should be something to do with the global variables. But it
> seems to be not related with the global variables. In the above
> example if $admin is NOT a global variable, we still will have the
> described problem. So, it is no matter if $admin is global or not. The
> matter is that the script can take variables from the address line.
> And with the "register_global off" we force the script NOT to take the
> values from the address line. But it seems to me only a partial
> solution, because hacker will try to pass the value of the $admin
> through the form variables (or it is impossible?). So we should to
> tell the script not to accept the form variables?
>

Even if they pass it through a form it won't make any difference. With
register_globals off, the value will only be available in
$_POST['admin'] or $_GET['admin'], depending on whether the method is
POST or GET. $admin is not changed.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация