GB_001 Posted March 25, 2008 Share Posted March 25, 2008 Hello, I was wondering how would I go about protecting my global variables from injection? For example: www.mysite.com?U=$_SESSION['email']. Anyone can easily change the variable value. Link to comment https://forums.phpfreaks.com/topic/97722-protecting-variables/ Share on other sites More sharing options...
cooldude832 Posted March 25, 2008 Share Posted March 25, 2008 how is that injection if the intended use is to access (lets assume U = user) user specific page based on the GET variable? Link to comment https://forums.phpfreaks.com/topic/97722-protecting-variables/#findComment-500048 Share on other sites More sharing options...
GB_001 Posted March 25, 2008 Author Share Posted March 25, 2008 I'm saying it can be abused, to bypass certain restrictions. etc. Link to comment https://forums.phpfreaks.com/topic/97722-protecting-variables/#findComment-500228 Share on other sites More sharing options...
Cep Posted March 25, 2008 Share Posted March 25, 2008 In other words your using an email address as a user name and I could use your email address to access your account as opposed to my own? If that's the case your authentication method is very poor. Please explain your process more. Link to comment https://forums.phpfreaks.com/topic/97722-protecting-variables/#findComment-500232 Share on other sites More sharing options...
wildteen88 Posted March 25, 2008 Share Posted March 25, 2008 Users will not be able to override your variables within your scripts provided register_globals is disabled (which it should be by default). Link to comment https://forums.phpfreaks.com/topic/97722-protecting-variables/#findComment-500233 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.