Rommeo Posted November 3, 2010 Share Posted November 3, 2010 I have just noticed that I m allowed to use variables without using the extract function. like ; before : your name is $_POST['name']; now I m allowed to use ; your name is $name // I m not using here extract What can cause this ? How can I switch it off ? Any security problems I can face ? Link to comment https://forums.phpfreaks.com/topic/217696-without-using-extract-functionhow-can-this-be-possible/ Share on other sites More sharing options...
Andy-H Posted November 3, 2010 Share Posted November 3, 2010 Turn off register_globals in php.ini. Link to comment https://forums.phpfreaks.com/topic/217696-without-using-extract-functionhow-can-this-be-possible/#findComment-1130030 Share on other sites More sharing options...
PFMaBiSmAd Posted November 3, 2010 Share Posted November 3, 2010 Any security problems I can face ? Yes. With register_globals ON, I can set any of your program or session variables to any value I want. Link to comment https://forums.phpfreaks.com/topic/217696-without-using-extract-functionhow-can-this-be-possible/#findComment-1130041 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.