Rafael:
<?php
$thestyle= htmlentities($_POST['thestyle']);
setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
header("Location: $HTTP_REFERER");
?>
Actually, you receive $set via GET, so you should use $_GET
instead of $_POST.
Yes, you are correct.
In my example --
Rafael wrote:
Actually, you receive $set via GET, so you should use $_GET
instead of $_POST. A lot of people use $_REQUEST (which is a
combination of $_POST, $_GET and $_COOKIE -check the manual), but I
read somewhere that this isn't a good practice, though I don't
recall why :p
From what
Rafael wrote:
A typical example would be a login script that uses the data
as it arrives, for example:
$login = $_POST['login'];
$passw = $_POST['passw'];
$sql = "SELECT * FROM user\n"
."WHERE( login = '$login' AND passw = '$passw' )";
In this case, what happens if I send
this issue.
HTH,
Kevin
-Original Message-
From: tedd [mailto:[EMAIL PROTECTED]
Sent: 17 March 2006 14:49
To: php-general@lists.php.net; Rafael
Subject: Re: [PHP] Re: setcookie security concerns [medium]
Rafael wrote:
A typical example would be a login script that uses
(Comments inline)
tedd wrote:
[···]
From what I've read (PHP Cookbook by Sklar and other sources) the
reason why you don't want to use $_REQUEST is because it holds all the
variables from six global arrays, namely $_GET, $_POST, $_FILES,
$_COOKIE, $_SERVER, and $_ENV.
Actually,
://www.virtuawebtech.co.uk
-Original Message-
From: tedd [mailto:[EMAIL PROTECTED]
Sent: 17 March 2006 14:30
To: php-general@lists.php.net; Rafael
Subject: Re: [PHP] Re: setcookie security concerns [medium]
Rafael:
<?php
$thestyle= htmlentities($_POST['thestyle']);
setcookie ('thestyle', $set, time
On Friday 17 March 2006 15:10, Kevin Davies - Bonhurst Consulting wrote:
I just picked up this thread, so excuse me if I'm repeating or have totally
missed the point.
Another concern I picked up from a PHP security book is using '--' - which
simply comments out the remainder of the line (with
(Comments inline)
tedd wrote:
[···]
One last question, considering the above code, would the following code
be a suitable replacement?
<?php
$thestyle= htmlentities($_POST['thestyle']);
setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
header("Location: $HTTP_REFERER");
?>
He IS setting cookie before sending HTML block. Note, that he is storing
the beginning of HTML block in a HEREDOC, which he prints after setting
cookie.
Somewhere, he may be printing a blank line prior to setting cookie...that
problem has bitten me more than once, so now I'm on the look-out for
You can't use setcookie after headers have been sent to the browser,
you can have white space in a php block because this is not sent to the
browser. The exception is if you have output buffering enabled.
Jason
From: qartis [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 13, 2002 5:14
I have checked the manual. A few times actually.
I have setcookie("usename", $username);
Will that cookie never expire? Or will it expire at the end of the browsing
session? I couldn't find any details on that in the manual.
Tyler
- Original Message -
From: George Nicolae [EMAIL
On Sun, 2002-01-06 at 16:01, Tyler Longren wrote:
I have checked the manual. A few times actually.
I have setcookie("usename", $username);
Will that cookie never expire? Or will it expire at the end of the browsing
session? I couldn't find any details on that in the manual.
Tyler