--- Greg Beaver <[EMAIL PROTECTED]> wrote: > Erich Kolb wrote: > > Is there an easier way to assign all post data from a form to > > session data? > > > > Eg., > > > > $_SESSION['first_name'] = $_POST['first_name']; > > $_SESSION['last_name'] = $_POST['last_name']; > > > > $_SESSION['email'] = $_POST['email']; > > Never pass in data from any external source without explicitly > validating it. You could run into some serious crap if malicious > users attempt to pass in very large chunks of BS into random > $_POST variables, and you simply save it in $_SESSION. For > instance, if you have any quota, you might exceed it in a single > bound, and your whole site would stop working.
Greg++ :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming January 2005 http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
