On Thursday 14 March 2002 14:14, Analysis Solutions wrote:
[snip]
The examples on that page are lame. For example:
if($HTTP_COOKIE_VARS['username']){
// can only come from a cookie, forged or otherwise
$good_login = 1;
fpassthru (/highly/sensitive/data/index.html);
On Tue, Mar 12, 2002 at 05:42:12PM +0800, Jason Wong wrote:
On Tuesday 12 March 2002 12:27, Analysis Solutions wrote:
The source of the data *does* matter. That is why the latest releases of
PHP ( 4.0.6) recommends having register_globals OFF by default.
... snip snip snip ...
To see why
On Tuesday 12 March 2002 12:27, Analysis Solutions wrote:
For security reasons. To make sure the variable did come from POSTing a
form and not from the URL.
Neither is more or less secure. The source of the data doesn't matter.
The source of the data *does* matter. That is why the
I love your example..
But if you don't know where the data came from then it's not secure.
Consider a real-life example. Robin Hood steals the Sheriff's ATM card,
and the Sheriff stupidly enough has written the PIN onto the back of the
card. Now Robin can go and withdraw all the money from
On Monday, March 11, 2002, at 10:34 PM, Jason Wong wrote:
On Monday 11 March 2002 11:10, Chris Cocuzzo wrote:
$foo = Entry for . $HTTP_POST_VARS[name];
$foo = Entry for for $HTTP_POST_VARS[name];
But that's not good programming. Associative arrays should have the
key
quoted in order
+0800
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP] Variables within a string
On Monday 11 March 2002 11:10, Chris Cocuzzo wrote:
I would imagine the problem has something to do with those escaped quote
marks, but in any case, you could probably get around it by doing
On Tuesday 12 March 2002 11:11, Analysis Solutions wrote:
On Mon, Mar 11, 2002 at 08:39:16PM -0500, webapprentice wrote:
From: Jason Wong [EMAIL PROTECTED]
On Monday 11 March 2002 11:10, Chris Cocuzzo wrote:
$foo = Entry for . $HTTP_POST_VARS[name];
$foo = Entry for for
On Tue, Mar 12, 2002 at 11:34:14AM +0800, Jason Wong wrote:
On Tuesday 12 March 2002 11:11, Analysis Solutions wrote:
On Mon, Mar 11, 2002 at 08:39:16PM -0500, webapprentice wrote:
From: Jason Wong [EMAIL PROTECTED]
On Monday 11 March 2002 11:10, Chris Cocuzzo wrote:
$foo = Entry
8 matches
Mail list logo