
register globals, $_GET, is it THAT bad?



#1 suckablesausage


Posted 27 March 2006 - 11:36 PM

I was reading on the forum. Some people were getting flamed for asking about the register_globals function. They were getting scolded and told to have it OFF. PERIOD. Is it that bad? Unsafe?

$_GET, $_POST <<--- are those going to be disabled in PHP6? What are other methods of transferring variables if those are going to get disabled?

I want to have my URL like this..

http://www.me.com/index.php?food=chicken&drink=beer
http://www.me.com/index.php?food=fish&drink=gatorade
http://www.me.com/index.php?food=people&drink=blood

ya know? does register globals have to be on? I'm hosting a game server website. would it lower the security? everyone says I'd get hacked? I don't understand.

on my http://mubalamban.zapto.org/ website, I use $_POST a lot. is it bad? someone please help me

#2 azuka


Posted 27 March 2006 - 11:58 PM

Don't worry -- $_GET and $_POST will still work. When register_globals() is on, then for page.php?id=0, inside your code you can just say $id instead of $_GET['id']. That way, it declares all variables in the superglobals ($_ENV,$_GET,$_POST,$_REQUEST,$_SESSION). It's obvious why it's bad.

Given enough eyeballs all bugs are shallow. My Website

#3 suckablesausage


Posted 28 March 2006 - 12:38 AM

haha cool man. hey I visited your blog. nice site. I saw your pictures bro. anyway. man I read the sticky on the top of the forum relating to my issue but the link is down or something. do you think you can show me a site with tutorials or posts that could help me? it would help me a lot :) I'm still confused what you mean by the $_GET['id'] :( is there any safe way? any method you would use azuka?

#4 shoz


Posted 28 March 2006 - 03:07 AM

Read through this security guide: http://phpsec.org/projects/guide/. In particular the section dealing with register globals.
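An added example, not written by any poster in this thread, of the difference between `$id` and `$_GET['id']` discussed above, using the food/drink URLs from the first post. It assumes a modern PHP, where register_globals no longer exists (it was removed in PHP 5.4), so `extract()` stands in for it; `is_admin_login()`, the two page functions and the request array are hypothetical and constructed for illustration.

```php
<?php
// Constructed request: index.php?food=chicken&drink=beer&authorized=1
$_GET = ['food' => 'chicken', 'drink' => 'beer', 'authorized' => '1'];

// Hypothetical login check: this visitor is NOT logged in.
function is_admin_login(): bool
{
    return false;
}

// BEFORE: behaviour with register_globals = On (emulated with extract()).
// Every request parameter silently becomes a variable in the script.
function page_with_register_globals(array $request): string
{
    extract($request); // stand-in for register_globals

    if (is_admin_login()) {
        $authorized = true;
    }
    // The script never initialised $authorized, so a value that arrived
    // in the URL is still sitting in it when the check runs.
    if (!empty($authorized)) {
        return 'admin panel shown';
    }
    return "order: $food with $drink";
}

// AFTER: register_globals off. Input is read only from $_GET, by name,
// every script variable is initialised by the script, and the values
// are checked against a list of what the page actually accepts.
function page_with_superglobals(array $get): string
{
    $authorized = is_admin_login(); // set by the script, never by the URL

    $menu  = ['food'  => ['chicken', 'fish', 'people'],
              'drink' => ['beer', 'gatorade', 'blood']];
    $food  = $get['food']  ?? '';
    $drink = $get['drink'] ?? '';

    if (!in_array($food, $menu['food'], true)
        || !in_array($drink, $menu['drink'], true)) {
        return 'unknown order';
    }
    return $authorized ? 'admin panel shown' : "order: $food with $drink";
}

echo page_with_register_globals($_GET), "\n";
echo page_with_superglobals($_GET), "\n";
```

URLs of the form `index.php?food=chicken&drink=beer` work the same way with register_globals off; the only change is that the script reads them as `$_GET['food']` and `$_GET['drink']`.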



