if(something) $authorized = true;
if($authorized){
...do something requiring security...
}A hacker could easily go to script.php?authorized=1, and gain access. If you only allow one variable in that ($_GET['var']), you will know that the variable is from an outside source, and can act accordingly.
John W. Holmes wrote:
It is considered more secure to declare the variable explicitly.
$var = $_GET["var"];
Ummm... that's the same result as having register_globals on (basically). You're not helping anything and it's certainly not any more "secure".
---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/
script.I'm having a problem with form data being recognized by a php
$GET[var]If I send information with a GET the variable data appears in
but not $var. >
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
-- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law.
