subject:"\[PHP\] Re\: Session vars vs. POST\/GET vars\?"

[PHP] Re: Session vars vs. POST/GET vars?

2003-01-11 Thread Noel Wade

Nevermind, just found the $HTTP_SESSION_VARS array...

Thanks anyways!  Take care,

--Noel

Noel Wade [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi all,

 So I have a session variable; but with register_globals active on the
server
 I'm hosted at (no way to turn it off), just checkng for $varX in my
script
 could retrieve the session variable, a GET variable with the same name, or
a
 POST variable with the same name - and as a security concern, someone
could
 use a GET request (http://somehost/mypage.php?varX=0) to spoof the script
 into thinking that varX is the wrong value.

 So, is there any way in a script to specify that I want to retrieve the
 value stored in the registered session_variable(varX)??

 Thanks,

 --Noel






-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Session vars vs. POST/GET vars?

2003-01-11 Thread Jason Wong

On Saturday 11 January 2003 18:39, Noel Wade wrote:
 Nevermind, just found the $HTTP_SESSION_VARS array...

If you're using a relatively recent version of PHP, you should use $_SESSION.

-- 
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design  Hosting * Internet  Intranet Applications Development *

/*
Sic transit gloria mundi.
[So passes away the glory of this world.]
-- Thomas `a Kempis
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Session vars vs. POST/GET vars?

Re: [PHP] Re: Session vars vs. POST/GET vars?

2 matches

Site Navigation

Mail list logo

Footer information