I was hoping that someone could point me to a page or resource where I
can find more information about using the predefined variables
introduced in PHP 4.1.0. I read the "release announcement"
(http://www.php.net/release_4_1_0.php), which is what called my
attention to the potential security problems. I think I understand the
example provided (where $authenticated is passed by a malicious user and
overrides the "authenticate_user()" function) -- but does this mean that
from this point on, any variables generated by a form should be pulled
from $_GET or $_POST ? It seems that there isn't a difference between
$variable and $_GET['variable'], since a user could add "?variable=1" to
the querystring. But then, keep in mind that I don't know everything
that's going on here.
In other words, is there a more detailed description of the process of
pulling a form variable from one of these arrays?
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]