Announcement

Collapse
No announcement yet.

Security Risk?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security Risk?

    Is there a security risk in using $variable over $HTTP_POST_VARS['variable'] with post forms?
    Ryan "leadZERO" Sommers
    Gamer's Impact President
    [email protected]
    ICQ: 1019590
    AIM/MSN: leadZERO

    -= http://www.gamersimpact.com =-

  • #2
    technically, yes because HTTP_POST_VARS looks for a POST from a form, where as a GET can be shoved into the address line like so.

    blah.php?variable=blah

    So use HTTP_POST_VARS unless you have checking systems for the GET post vars, so no one can break in with fake GET vars.

    Comment

    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
    Working...
    X