That was enlightening, thank you. I think that I had better set
register_globals OFF ! However there is still one last nagging question
in my mind: What is the purpose of the $_GET (or $HTTP_GET_VARS)
predefined variable? It seems that in the case of "get" variables,
malicious variables could still be set in the querystring and even using
$_GET['variablename'] wouldn't be able to stop this from happening.
That is, from what I understand, the advantage of using "get" variables
in the first place.
So does using $_GET actually confer any additional security? If so, how?
Thank you all,
On Tuesday, January 15, 2002, at 03:55 PM, Johnson, Kirk wrote:
> Give this a read first, then come back if you still have questions ;)
>> -----Original Message-----
>> From: Erik Price [mailto:[EMAIL PROTECTED]]
>> Sent: Tuesday, January 15, 2002 1:50 PM
>> To: PHP
>> Subject: [PHP] security benefits of predefined variables
>> I was hoping that someone could point me to a page or
>> resource where I
>> can find more information about using the predefined variables
>> introduced in PHP 4.1.0.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]