Jump to content

Archived

This topic is now archived and is closed to further replies.

suckablesausage

register globals, $_GET, is it THAT bad?

Recommended Posts

I was reading on the forum. Some people were getting flamed for asking about the register_globals function. They were getting scolded and told to have it OFF. PERIOD. Is it that bad? Unsafe?

$_GET, $_POST <<--- arre those going to be disabled in PHP6? What are other methods of transferring variables if those are going to get disabled.

I want to have my URL like this..

[a href=\"http://www.me.com/index.php?food=chicken&drink=beer\" target=\"_blank\"]http://www.me.com/index.php?food=chicken&drink=beer[/a]
[a href=\"http://www.me.com/index.php?food=fish&drink=gatorade\" target=\"_blank\"]http://www.me.com/index.php?food=fish&drink=gatorade[/a]
[a href=\"http://www.me.com/index.php?food=people&drink=blood\" target=\"_blank\"]http://www.me.com/index.php?food=people&drink=blood[/a]

ya know? does register globals have to be on? im hosting a game server website. would it lower the security? everyone says i'd get hacked? i dont understand.

on my [a href=\"http://mubalamban.zapto.org/\" target=\"_blank\"]http://mubalamban.zapto.org/[/a] website, i use $_post alot. is it bad? someone please help me

Share this post


Link to post
Share on other sites
Don't worry -- $_GET and $_POST will still work. When register_globals() is on, then for page.php?id=0, inside your code you can just say $id instead of $_GET['id']. That way, it declares all variables in the superglobals ($_ENV,$_GET,$_POST,$_REQUEST,$_SESSION). It's obvious why it's bad.

Share this post


Link to post
Share on other sites
haha cool man. hey i visited your blog. nice site. i saw your pictures bro. anyway. man i read the sticky on the top of the forum relating to my issue but the link is down or something. do you think you can show me a site with tutorials or what posts that could help me? it would help me a lot :) im still confused what you mean by the $_GET['id'] :( is there any safe way ? any method you would use azuka?

Share this post


Link to post
Share on other sites
Read through this [a href=\"http://phpsec.org/projects/guide/\" target=\"_blank\"]security guide[/a]. In particular the section dealing with register globals

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.