FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Re: Magic quotes? Should I still be cautious? [message #176429 is a reply to message #176425] Fri, 06 January 2012 18:05
Jerry Stuckle
On 1/6/2012 11:41 AM, M. Strobel wrote:
> On 06.01.2012 01:36, Jerry Stuckle wrote:
>> On 1/5/2012 6:28 PM, M. Strobel wrote:
>>> On 05.01.2012 14:08, Erwin Moller wrote:
>>>>
> ------cut
>>
>> $REQUESTS is quite dangerous. You never know whether it comes
>> from $_GET, $_POST or $_COOKIE, for instance.
>
> Why do you need to know exactly if the data is from GET or POST?
> Does your program use POST urls with variables in the url?
>
> If yes, did you not take care to have different variable names?
>
> I know one thing: the data comes from the user.
>
>> A hacker can easily manipulate things like $_COOKIE to put
>> whatever he wants in them. Rather, you should use $_GET, $_POST
>> and $_COOKIE, as appropriate. Additionally, what you actually
>> get depends on the request_order option in the php.ini file, and
>> can change - potentially breaking your code.
>>
>
> Why mention cookie here? He can manipulate everything.
>
> I taught an interface programmer how to test my forms with curl,
> see here http://curl.haxx.se/docs/manpage.html especially the
> --get and --form options.
>
> $_REQUEST is not more dangerous than programming in PHP. q.e.d.
>
> /Str.

Keep thinking that. Those of us concerned about security will keep
using the appropriate values.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
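
The request_order point raised in the thread, as an added example that is not part of any poster's message: PHP fills $_REQUEST by merging sources left to right in the order given by request_order, so the same request can yield a different value after a php.ini change. The helpers build_request() and read_int() and the item_id values are hypothetical, constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: emulates how PHP fills $_REQUEST from request_order.
// Sources are merged left to right, so a later letter overrides an earlier one.
function build_request(string $requestOrder, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($requestOrder)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace keeps keys and lets the later source win.
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Hypothetical helper: read an integer from one named source only,
// returning null when the key is missing or not a valid integer.
function read_int(array $source, string $key): ?int
{
    $value = filter_var($source[$key] ?? null, FILTER_VALIDATE_INT);
    return $value === false ? null : $value;
}

// Constructed sample request: the form posts item_id=42 while a cookie
// with the same name carries a different value.
$get    = [];
$post   = ['item_id' => '42'];
$cookie = ['item_id' => '1'];

// The value seen through the merged array depends on the ini setting.
foreach (['GP', 'GPC', 'CGP'] as $order) {
    $request = build_request($order, $get, $post, $cookie);
    printf("request_order=%-3s merged item_id=%s\n", $order, $request['item_id'] ?? 'unset');
}

// Reading from the explicit source is independent of request_order.
$itemId = read_int($post, 'item_id');
printf("explicit POST read: %s\n", $itemId === null ? 'invalid' : (string) $itemId);
```

In application code the explicit read would go through $_POST or filter_input(INPUT_POST, ...) with the same validation filter.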