I was hoping that someone could point me to a page or resource where I 
can find more information about using the predefined variables 
introduced in PHP 4.1.0.  I read the "release announcement" 
(http://www.php.net/release_4_1_0.php), which is what called my 
attention to the potential security problems.  I think I understand the 
example provided (where $authenticated is passed by a malicious user and 
overrides the "authenticate_user()" function) -- but does this mean that 
from this point on, any variables generated by a form should be pulled 
from $_GET or $_POST ?  It seems that there isn't a difference between 
$variable and $_GET['variable'], since a user could add "?variable=1" to 
the querystring.  But then, keep in mind that I don't know everything 
that's going on here.

In other words, is there a more detailed description of the process of 
pulling a form variable from one of these arrays?


PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to