WebApp Sec mailing list archives
Re: PHP and "Register_Globals"
From: Nasir Simbolon <nasir () 3wsi com>
Date: Mon, 31 Mar 2003 11:59:03 +0700
I soon realized the security issues, and wrote my own validation-functions, ... to handle all the XSS and SQL-injection problems. my question is now: my app is 'safe', but what do I do if my future webhost has register_globals to 'off'?
use Variable variables, a feature of PHP. Put this in the beginning of your scripts /* Make $_POST variables global */ while(list($key,$val)=each($_POST)) ${$key} = $val; /* Make $_GET variables global */ while(list($key,$val)=each($_GET)) ${$key} = $val; you will get variables $_POST and $_GET registered globally. regads, Nasir Simbolon
Current thread:
- PHP and "Register_Globals" Ulrich P. (Mar 29)
- Re: PHP and "Register_Globals" Adrian (Mar 29)
- Re: PHP and "Register_Globals" shimi (Mar 29)
- Re: PHP and "Register_Globals" Jim McGarvey (Mar 29)
- Re: PHP and "Register_Globals" Ulrich P. (Mar 30)
- Re: PHP and "Register_Globals" Jim McGarvey (Mar 30)
- Re: PHP and "Register_Globals" Jim McGarvey (Mar 29)
- Re: PHP and "Register_Globals" Chris Travers (Mar 29)
- Re: PHP and "Register_Globals" Nasir Simbolon (Mar 30)