PHP help
Out of context: Reply #9
- 27 Responses
- justjeff0
You should add this to the beginning of your script to retrieve all $_GET/$_POST vars:
foreach ($_REQUEST as $key => $value) $$key = $value;
Anarchitect
(Nov 15 05, 10:50) That's actually a bad idea, and it's as flawed as allowing register_globals to be on in the first place.
You should only use vars from $_REQUEST, $_POST, and $_GET as you need them - pulling them globally at the start of a script can lead to very common programming bugs where an initialized variable is meant to imply a known state, and a tainted REQUEST can override privileges.
This was the most common security hole in PHP scripts for about 2 years from 2001-2003, and caused the PHP camp to finally disable register_globals by default.
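The bug described in the reply above, shown beside the per-field alternative, as an added example that is not part of the original thread. The parameter names `id` and `is_admin`, the `$session` array and both function names are assumptions made for illustration; the request array is constructed sample input.

```php
<?php
// Constructed sample input: what PHP would place in $_REQUEST for a URL
// such as /page.php?id=42&is_admin=1 (hypothetical parameter names).
$request = ['id' => '42', 'is_admin' => '1'];

// Constructed server-side state: the visitor has no admin session.
$session = [];

// Pattern from the first post: every request key becomes a variable.
function import_all(array $request): bool
{
    $is_admin = false;              // initialized to imply a known state
    foreach ($request as $key => $value) {
        $$key = $value;             // a request key named "is_admin" replaces it
    }
    return (bool) $is_admin;        // now decided by the client, not the script
}

// Pattern from the reply: read only the fields needed, validate each one,
// and take privilege flags from server-side state only.
function read_needed(array $request, array $session): array
{
    $is_admin = !empty($session['is_admin']);
    $id = filter_var(
        $request['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return [
        'id'       => $id === false ? null : $id,  // null when missing or invalid
        'is_admin' => $is_admin,                   // request value never consulted
    ];
}

// Compare the privilege flag each approach ends up with for the same request.
var_dump(import_all($request));
var_dump(read_needed($request, $session));
```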