Candrias77
04-11-2003, 01:53 PM
After reading about how having Register Globals turned off can increase security, etc. I have been playing around on my localhost.
I notice that by having RG off and (for example) then putting extract($_GET) at the top of a 00.php you ban any use of 00.php?user=jim which is very easily forged, you also completely hide the names of the variables (browsers will not even know the $user variable exists). Great! - access is restricted to information passed using the GET method.
This is easy enough to apply when using forms, simply use method=get but what if I was trying to replace a simple text link such as 00.php?page=9? When RG was on this was easy enough to use but now that this use is banned, what is the method for passing variables through to a page with a simple text link?
I am relatively new to a lot of the more complex workings of PHP and am interested in any thoughts and tricks regarding this feature.
Cheers
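Added example, not part of the original post: with register_globals off, a text link such as 00.php?page=9 still delivers its value in $_GET['page'], and the sketch below reads and validates that one key, next to what extract() does with the same request array (every request key becomes a local variable, overwriting existing ones by default). The function names, the is_admin variable and the sample query string are constructed for illustration; PHP 7.1 or later is assumed for the type declarations.

```php
<?php
// Added illustration; names and sample input are constructed, not from the post.

// Read the one parameter the page expects and accept it only as an
// integer within a known range. Returns null for anything else.
function read_page(array $query, int $max = 100): ?int
{
    if (!isset($query['page']) || !is_string($query['page'])) {
        return null;
    }
    $page = filter_var($query['page'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $page === false ? null : $page;
}

// extract() on a request array: each key in the query string becomes a
// local variable, and EXTR_OVERWRITE (the default) replaces existing ones.
function with_extract(array $query): bool
{
    $is_admin = false;      // value set by the application
    extract($query);        // a request key named is_admin replaces it
    return (bool) $is_admin;
}

// Same request, but only the expected key is ever read.
function with_explicit_read(array $query): bool
{
    $is_admin = false;
    $page = read_page($query);   // other request keys are ignored
    return $is_admin;
}

// Constructed sample: the query string of 00.php?page=9&is_admin=1
parse_str('page=9&is_admin=1', $sample);

var_dump(read_page($sample));               // valid page number
var_dump(read_page(['page' => '9; x']));    // rejected: not an integer
var_dump(with_extract($sample));            // application flag after extract()
var_dump(with_explicit_read($sample));      // application flag left untouched

// Building the plain text link: encode the query, then escape for HTML.
$href = '00.php?' . http_build_query(['page' => 9]);
echo '<a href="' . htmlspecialchars($href, ENT_QUOTES) . '">Page 9</a>', "\n";
```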