Hey guys,
I know this has been brought up several times but can't find it in the
archives of this list.
I have some PHP 4 scripts that check the value of a "logged in" variable.
if the user authenticates him/her self, then the "logged in" variable gets
set and registered with the session. How can I stop some evil person from
passing that variable to my script using GET or POST methods ?
I tried:
$HTTP_POST_VARS[user_authenticated] = "";
$HTTP_GET_VARS[user_authenticated] = "";
and:
unset($HTTP_POST_VARS[user_authenticated]);
unset($HTTP_GET_VARS[user_authenticated]);
but that didn't do me any good. Please advise.
Thank you,
Steve Maroney
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]