GB_001 Posted March 25, 2008 Share Posted March 25, 2008 Hello, I was wondering how would I go about protecting my global variables from injection? For example: www.mysite.com?U=$_SESSION['email']. Anyone can easily change the variable value. Quote Link to comment https://forums.phpfreaks.com/topic/97722-protecting-variables/ Share on other sites More sharing options...
cooldude832 Posted March 25, 2008 Share Posted March 25, 2008 how is that injection if the intended use is to access (lets assume U = user) user specific page based on the GET variable? Quote Link to comment https://forums.phpfreaks.com/topic/97722-protecting-variables/#findComment-500048 Share on other sites More sharing options...
GB_001 Posted March 25, 2008 Author Share Posted March 25, 2008 I'm saying it can be abused, to bypass certain restrictions. etc. Quote Link to comment https://forums.phpfreaks.com/topic/97722-protecting-variables/#findComment-500228 Share on other sites More sharing options...
Cep Posted March 25, 2008 Share Posted March 25, 2008 In other words your using an email address as a user name and I could use your email address to access your account as opposed to my own? If that's the case your authentication method is very poor. Please explain your process more. Quote Link to comment https://forums.phpfreaks.com/topic/97722-protecting-variables/#findComment-500232 Share on other sites More sharing options...
wildteen88 Posted March 25, 2008 Share Posted March 25, 2008 Users will not be able to override your variables within your scripts provided register_globals is disabled (which it should be by default). Quote Link to comment https://forums.phpfreaks.com/topic/97722-protecting-variables/#findComment-500233 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.