2016-05-05 22:28 Wolfgang Mueller:
This afternoon, I have found a simple trick to use $_GET[] without reprogramming the whole scripts. It is just sufficient to put a line in the beginning of ever script that attributes the values submitted in the URL to the homonymous variable:
$param1 = $_GET["param1"]; $param2 = $_GET["param2"]; etc.
I already tested it with three scripts, and it seems to work pretty well.
You beg for punishment, don't you? :) I hope those scripts are not accessible from the web. Or that they don't run on a host where productive data is kept. Taking input without sanity checks is... dangerous. I am glad that the insane construction of old times, where every input parameter was taken directly into a variable, is abandoned. You never knew if some hacker set a variable to some unexpected value simply by adding it to the URL. Werner -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org