Rommeo
Posted November 3, 2010

I have just noticed that I'm allowed to use variables without using the extract function. Like:

before: your name is $_POST['name'];

now I'm allowed to use: your name is $name // I'm not using extract here

What can cause this? How can I switch it off? Any security problems I can face?

Andy-H
Posted November 3, 2010

Turn off register_globals in php.ini.

PFMaBiSmAd
Posted November 3, 2010

> Any security problems I can face?

Yes. With register_globals ON, I can set any of your program or session variables to any value I want.
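
The risk described in the reply above, shown as an added example that is not part of the original thread: an uninitialised variable takes its value from the request when register_globals is on, and the same script is safe once variables are set explicitly. Assumptions: extract() on a constructed request array stands in for register_globals = On (the directive was removed in PHP 5.4), and check_login() is a hypothetical placeholder for a real credential check.

```php
<?php
// Constructed request: the client adds a parameter the form never had.
$request = array('name' => 'Rommeo', 'authorized' => '1');

// Hypothetical stand-in for a real credential check; it always fails here.
function check_login(array $req)
{
    return false;
}

// BEFORE: emulates register_globals = On. extract() copies every request
// key into the local scope, the effect the directive had on global scope.
function page_with_globals(array $req)
{
    extract($req);                 // $name and $authorized now exist
    if (check_login($req)) {
        $authorized = true;        // never reached: the login failed
    }
    // The script never initialised $authorized, so the value supplied
    // by the client is the one that gets tested.
    return !empty($authorized) ? "secret page for $name" : 'denied';
}

// AFTER: register_globals = Off behaviour. The script initialises its own
// variables and reads input only from the named request key.
function page_without_globals(array $req)
{
    $authorized = check_login($req);
    $name = isset($req['name']) ? (string) $req['name'] : '';
    return $authorized ? "secret page for $name" : 'denied';
}

// On PHP versions that still have the directive, confirm it is off.
// ini_get() returns false when the directive does not exist at all.
$rg = strtolower((string) ini_get('register_globals'));
$enabled = in_array($rg, array('1', 'on'), true);
echo 'register_globals enabled: ', $enabled ? 'yes' : 'no', PHP_EOL;

echo 'with globals:    ', page_with_globals($request), PHP_EOL;
echo 'without globals: ', page_without_globals($request), PHP_EOL;
```

Run from the command line, the first page grants access on the strength of the request parameter alone, while the second denies it because $authorized is assigned by the script before it is tested.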