Posted by Kenny on 08/29/06 18:18
On 29 Aug 2006 10:30:47 -0700, WhatsPHP wrote...
>
>Thanks for all your input on security, guys. I will certainly keep it in
>mind, but this is an in-house intranet application and the users who use
>the system barely know how to use it, let alone hack it. That is the
>reason we had register_globals on. This system may be internal and on
>the intranet but it has around 20 people using it full time (so it is
>not small).
>
>We have register_globals on. What is still bugging me is the totally
>random occurrence of this error. Has anyone experienced IE behaving
>weird by not posting all the form variables, both hidden and non-hidden
>as it should?
>
The "register_globals" setting can be easily adjusted in the php.ini config file
and would probably be a good place to start.
If you're only validating your information with JavaScript, that's not very
reliable since it can be turned on and off on the client PC and you can't
control what the user is going to send back. At least a couple of other people
suggested using PHP to validate the information. That way you can process the
information at the server consistently and can control how the information is
formatted and what you do with it. JavaScript is not very reliable in that regard
and shouldn't be used exclusively.
Ken
--
Newsguy's Help-A-Community Program
http://newsguy.com/charity.asp
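
An added example, not code from this thread or its posters: one way to do the server-side validation suggested above in PHP, reading input only from `$_POST` so it does not depend on register_globals, and reporting which expected fields (hidden ones included) never arrived. The field names and the `validate_form` helper are hypothetical.

```php
<?php
// Added example; field names and limits are hypothetical.
// Input is read only from the array passed in (normally $_POST), so the
// result is the same whether register_globals is on or off.

function validate_form(array $post): array
{
    // Every field the form is expected to send, hidden ones included.
    $rules = [
        'record_id' => ['filter' => FILTER_VALIDATE_INT,
                        'options' => ['min_range' => 1]],
        'email'     => ['filter' => FILTER_VALIDATE_EMAIL],
        'quantity'  => ['filter' => FILTER_VALIDATE_INT,
                        'options' => ['min_range' => 1, 'max_range' => 999]],
    ];
    $clean = [];
    $errors = [];
    foreach ($rules as $name => $rule) {
        // A field the browser did not send is reported separately from a bad value.
        if (!array_key_exists($name, $post) || !is_string($post[$name])) {
            $errors[$name] = 'missing';
            continue;
        }
        $value = filter_var(trim($post[$name]), $rule['filter'],
                            ['options' => $rule['options'] ?? []]);
        if ($value === false) {
            $errors[$name] = 'invalid';
            continue;
        }
        $clean[$name] = $value; // typed, range-checked value
    }
    return [$clean, $errors];
}

// Constructed sample submission: the hidden record_id never arrived and
// quantity is out of range. In the real handler, pass $_POST instead.
$sample = ['email' => 'user@example.com', 'quantity' => '5000'];
[$clean, $errors] = validate_form($sample);
if ($errors) {
    // Record what was wrong and which client sent it, so intermittent
    // missing-field reports can be matched to a browser.
    error_log('form rejected: ' . json_encode($errors)
        . ' UA=' . ($_SERVER['HTTP_USER_AGENT'] ?? 'n/a'));
}
print_r($errors);
```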