On Wed, September 14, 2005 1:57 pm, Dan Baker wrote:
> (snipped)
>> If you're going to use $_REQUEST you might as well just turn on
>> register
>> globals (no, don't!).
More mis-information.
$_REQUEST is simply the array_merge() of $_GET, $_POST, and $_COOKIE.
You either check the contents of an
On Wed, September 14, 2005 2:08 pm, Jim Moseby wrote:
> Suppose you have a form that posts set hidden values. A malicious
> user
> could modify the URI to change those values.
Sure.
Or they could save your HTML on their hard drive, edit it in their
editor of choice (some of which require NO brai
> Suppose you have a form that posts set hidden values. A malicious user
> could modify the URI to change those values.
A malicious user could just as easily modify the http header that sets
the POST, or the cookie that sets the COOKIE, or whatever. In other
words, if it comes from the user, it
> (snipped)
> "Ben" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > Gustav Wiberg wrote:
> >> if (isset($_REQUEST["frmUsername"])) {
> >>
> >> $un = $_REQUEST["frmUsername"];
> >
> > If you're going to use $_REQUEST you might as well just
> turn on register
> > globals (no, do
4 matches
Mail list logo