PHP register_globals - September 30, 2005, 6:26 pm
Coding, PHP, Security

There are numerous ways your code can become insecure when the PHP register_globals directive is set to On.

Below are a few examples:

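Insecure Example 1
  <?php
  session_start();
  $_SESSION['test'] = "original";
  // With register_globals On, the global $test and $_SESSION['test']
  // refer to the same value once 'test' has been registered in the session
  $test = "modified";
  echo $_SESSION['test'];

  // this will output "modified" instead of "original"
  ?>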


Insecure Example 2
  <?php
  // $something is never initialised by the script
  $_SESSION['test'] = $something;
  echo $_SESSION['test'];

  // Request the file in a browser with a query string appended:
  // test.php?something=modified
  // The string "modified" will be output
  ?>
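
Example 2 beside a hardened form, as an added example that is not code from the original post. It assumes a current PHP, where register_globals no longer exists, so extract() stands in for the directive and a local array stands in for $_SESSION; the function names and the allow-list are hypothetical.

```php
<?php
// Added example, not from the original post. Constructed input standing in
// for the request test.php?something=modified
$request = ['something' => 'modified'];

// Emulates register_globals=On: every request parameter becomes a variable
// in the running scope (extract() is used as the stand-in, an assumption).
function insecure_page(array $request): string
{
    extract($request);              // $something is now set by the client
    $session = [];                  // stand-in for $_SESSION
    $session['test'] = $something;  // the script never initialised it
    return $session['test'];
}

// Hardened form: nothing is imported implicitly, the variable is always
// initialised, and input is read by name and checked against an allow-list.
function hardened_page(array $request): string
{
    $something = 'original';
    $allowed = ['original', 'alternate'];   // hypothetical allow-list
    if (isset($request['something'])
        && in_array($request['something'], $allowed, true)) {
        $something = $request['something'];
    }
    $session = [];
    $session['test'] = $something;
    return $session['test'];
}

// Deployment check: ini_get() returns false where the directive does not
// exist (it was removed in PHP 5.4), so this reports false there.
function register_globals_enabled(): bool
{
    return filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
}

if (register_globals_enabled()) {
    exit("register_globals is On: set it to Off in php.ini\n");
}
echo insecure_page($request), "\n";
echo hardened_page($request), "\n";
```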
Copyright © 2005-2011 Darren's Outpost