Francois Legare
[EMAIL PROTECTED]
-Original Message-
From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]]
Sent: April 23, 2001 9:30 PM
To: Plutarck
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Why is it dangerous to have register_globals on?
Never never never trust user-supplied data
On Monday 23 April 2001 11:56, Greig, Euan wrote:
I have read in several places that is dangerous to have register_globals
on, but I have not understood the (short) explanations given. Can anyone
enlighten me?
keep it a rule to either unset any variable that you use or set them with a
Now I understand! I hadn't twigged to the danger of _internal_ variables
getting overwritten by bogus get/post variables.
Thanks to you all.
Euan
Rasmus Lerdorf [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Actually it's not dangerous per se.
However if
I have read in several places that is dangerous to have register_globals on, but I
have not understood the (short) explanations given. Can anyone enlighten me?
Euan Greig
Technical Consultant
BRANN DATA
[EMAIL PROTECTED]
01285 645997
Actually it's not dangerous per se.
However if can be very dangerous if you aren't being careful in your code,
for instance, consider this.
Let's say I've conditionally set $sql somewhere else in the code based upon
certain conditions, which works fine. But let's say those conditions aren't
met
Actually it's not dangerous per se.
However if can be very dangerous if you aren't being careful in your code,
for instance, consider this.
Let's say I've conditionally set $sql somewhere else in the code based upon
certain conditions, which works fine. But let's say those conditions
6 matches
Mail list logo