Re: register_globals on / off - I think I'm missing the point
- From: larry@xxxxxxxxxxxxxxxxx
- Date: Wed, 31 Oct 2007 13:31:35 -0700
On Oct 31, 9:36 am, +mrcakey <mrca...@xxxxxxxxxxxxx> wrote:
Essentially then register_globals exposes ALL your variables to attack
from outside rather than just those you're fetching explicitly from
$_GET, $_POST etc. I understand now. Thanks to all who replied.
+mrcakey
Note: If you can't be sure your code is going to be always in a
globals off environment, it is recommended all variables used in the
script are initialized early on in the script (even the empty ones).
Also one gotcha with globals on is if you do $foo = $_POST['foo'];
don't initialize $foo until you've made sure $_POST['foo'] is empty.
.
- References:
- register_globals on / off - I think I'm missing the point
- From: +mrcakey
- Re: register_globals on / off - I think I'm missing the point
- From: AnrDaemon
- Re: register_globals on / off - I think I'm missing the point
- From: +mrcakey
- register_globals on / off - I think I'm missing the point
- Prev by Date: Re: Looking for help on what is probably a simple task
- Next by Date: Why is server starting on 0.0.0.0:3000?
- Previous by thread: Re: register_globals on / off - I think I'm missing the point
- Next by thread: Re: register_globals on / off - I think I'm missing the point
- Index(es):
Relevant Pages
|
