[thelist] beginner PHP question
Allie Micka
allie at pajunas.com
Sat Feb 16 11:31:00 CST 2002
Sure, you can look in $HTTP_POST_VARS and $HTTP_GET_VARS. They're both
arrays containing your form variables, and it's generally 'safer' to use
these variables. When
you just use $LastName you don't know for sure where it 'came from', as
different variable scopes overwrite each other.
By default, an Environment variable will be overwritten by a GET variable
of the same name, POST variables overwrite that, and then cookie and
session variables of the same name override them all.
This opens up a window for security holes. Poorly written login code may
say something like if(isset($logged_in)), expecting that it would only be
available if the login code set it in the session. In this case it is not
much trouble to set logged_in=true on the GET request and gain
unauthorized access to the site. Mixing scopes like that is messy.
$HTTP_POST_VARS and $HTTP_GET_VARS are a way to guarantee that variables
come from expected scopes. If you're using 4.1+, you can also use $_GET
and $_POST (and others), which are global in scope and more handy to type!
Allie Micka
pajunas interactive, inc.
http://pajunas.com
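
The scope mixing described in the message above, as an added example that is not part of the original post: it emulates the merge order the post gives (environment, GET, POST, cookie, session) with plain arrays, then compares a check on the merged variable with a check on the session scope alone. The function names and the request data are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not code from the post. merge_scopes() and the two
// is_logged_in_* helpers are hypothetical names; all input data is constructed.

/** Merge scopes in the order the post describes: later scopes overwrite earlier ones. */
function merge_scopes(array $env, array $get, array $post, array $cookie, array $session): array
{
    return array_merge($env, $get, $post, $cookie, $session);
}

/** Weak check: trusts a bare variable name, whichever scope supplied it. */
function is_logged_in_weak(array $merged): bool
{
    return isset($merged['logged_in']);
}

/** Scoped check: only the server-side session may assert the login state. */
function is_logged_in_scoped(array $session): bool
{
    return isset($session['logged_in']) && $session['logged_in'] === true;
}

// Constructed request: nobody has logged in, so the session is empty,
// but the query string carries a logged_in parameter.
$env     = ['PATH' => '/usr/bin'];
$get     = ['logged_in' => 'true', 'LastName' => 'Smith'];
$post    = ['LastName' => 'Jones'];
$cookie  = [];
$session = [];

$merged = merge_scopes($env, $get, $post, $cookie, $session);

// Which scope "won" for LastName when GET and POST both supplied it.
var_dump($merged['LastName']);
// The weak check looks at the merged value and cannot tell it came from GET.
var_dump(is_logged_in_weak($merged));
// The scoped check reads the session only and ignores the query string.
var_dump(is_logged_in_scoped($session));

// After a real login the session holds the flag and overrides the GET copy.
$session = ['logged_in' => true];
$merged  = merge_scopes($env, $get, $post, $cookie, $session);
var_dump($merged['logged_in']);
var_dump(is_logged_in_scoped($session));
```

In an application the scoped check would read $_SESSION (or $HTTP_SESSION_VARS before 4.1) directly, with form fields taken from $_POST or $_GET by name.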