smc Posted March 14, 2007 Share Posted March 14, 2007 Hello, I recently turned register_globals off on a security recommendation but apparently my coding style doesn't agree with it. Basically I need to know how to use the variables I define in the HTTP bar in my code with register_globals off. Thanks! Quote Link to comment Share on other sites More sharing options...
per1os Posted March 14, 2007 Share Posted March 14, 2007 $var = $_GET['passedVarName']; and remember before using it in any type of sql to use mysql_real_escape_string(); also remember that you may want to convert all < to < to avoid javascript injection. Quote Link to comment Share on other sites More sharing options...
WebGeek182 Posted March 15, 2007 Share Posted March 15, 2007 $var = $_GET['passedVarName']; and remember before using it in any type of sql to use mysql_real_escape_string(); also remember that you may want to convert all < to < to avoid javascript injection. Exactly - I agree with frost110. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.