Mailinglist Archive: opensuse (769 mails)

Re: [opensuse] Submitting parameters to php
  • From: Werner Flamme <werner.flamme@xxxxxxxx>
  • Date: Sat, 7 May 2016 11:02:51 +0200
  • Message-id: <572DAF3B.40001@email.de>
2016-05-05 22:28 Wolfgang Mueller:

> This afternoon, I have found a simple trick to use $_GET[] without
> reprogramming the whole scripts. It is just sufficient to put a line
> in the beginning of every script that attributes the values submitted
> in the URL to the homonymous variable:
>
> $param1 = $_GET["param1"]; $param2 = $_GET["param2"]; etc.
>
> I already tested it with three scripts, and it seems to work pretty
> well.

You beg for punishment, don't you? :) I hope those scripts are not
accessible from the web. Or that they don't run on a host where
productive data is kept. Taking input without sanity checks is...
dangerous.

I am glad that the insane construction of old times, where every input
parameter was taken directly into a variable, is abandoned. You never
knew if some hacker set a variable to some unexpected value simply by
adding it to the URL.

Werner
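
The sanity checks this reply asks for, as an added example that is not part of the original thread: each script declares the parameters it accepts and validates them with filter_var() before use, and anything else in the URL is ignored. The names PARAM_RULES and read_params, the ranges and the pattern are assumptions made for illustration, and the sample queries are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical per-script declaration: parameter name => filter_var() rule.
const PARAM_RULES = [
    'param1' => ['filter'  => FILTER_VALIDATE_INT,
                 'options' => ['min_range' => 1, 'max_range' => 100000]],
    'param2' => ['filter'  => FILTER_VALIDATE_REGEXP,
                 'options' => ['regexp' => '/\A[a-z0-9_-]{1,32}\z/']],
];

/**
 * Return only the declared parameters, validated. Throws on a missing,
 * non-string (param1[]=x) or invalid value. Undeclared keys are ignored,
 * so nothing added to the URL can create or overwrite a script variable.
 */
function read_params(array $query, array $rules): array
{
    $clean = [];
    foreach ($rules as $name => $rule) {
        if (!isset($query[$name]) || !is_string($query[$name])) {
            throw new InvalidArgumentException("missing or malformed: $name");
        }
        $value = filter_var($query[$name], $rule['filter'],
                            ['options' => $rule['options']]);
        if ($value === false) {
            throw new InvalidArgumentException("invalid value for: $name");
        }
        $clean[$name] = $value;   // param1 is now an int, param2 a checked string
    }
    return $clean;
}

// Constructed sample queries; in a real script pass $_GET instead.
$samples = [
    ['param1' => '42', 'param2' => 'report_2016'],
    ['param1' => '42', 'param2' => 'x', 'is_admin' => '1'],  // undeclared key
    ['param1' => '42abc', 'param2' => 'x'],                  // not an integer
    ['param1' => ['42'], 'param2' => 'x'],                   // array input
];
foreach ($samples as $query) {
    try {
        echo json_encode(read_params($query, PARAM_RULES)), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The first two queries print {"param1":42,"param2":"report_2016"} and {"param1":42,"param2":"x"} (the undeclared is_admin key never reaches the script); the last two are rejected.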