[Cialug] Slightly OT: register_globals in PHP & sessions
Tony Bibbs
cialug@cialug.org
Wed, 05 Jan 2005 19:25:31 -0600
You should turn register_globals off...having it on is a bad security
decision. If you want to get access to a get/post use the corresponding
$_GET or $_POST superglobal.
i.e. if you post a form with a variable called 'state' to get it out and
work with it in your script you'd have something like:
$stateGiven = $_POST['state'];
similarly, if your script accepts both post and get then you can simply
use $_REQUEST which contains all the values you'd find in $_POST and $_GET.
--Tony
Bailey, Jonathan C wrote:
>I currently have register_globals on so that get and post elements can be registered as variables. This has also set $_SESSION["whatever"] to just $whatever. How do I get it to make get/post as global, but access sessions through $_SESSION?
>
>
>
>--------------------
>Jonathan Bailey
>POS Analyst
>bailj0@bp.com
>(515) 226-5005
>
>_______________________________________________
>Cialug mailing list
>Cialug@cialug.org
>http://cialug.org/mailman/listinfo/cialug
>
>