Mailinglist Archive: opensuse (769 mails)

< Previous Next >
Re: [opensuse] Submitting parameters to php


Am 07.05.2016 um 11:02 schrieb Werner Flamme:
2016-05-05 22:28 Wolfgang Mueller:

This afternoon, I have found a simple trick to use $_GET[] without
reprogramming the whole scripts. It is just sufficient to put a line
in the beginning of ever script that attributes the values submitted
in the URL to the homonymous variable:

$param1 = $_GET["param1"]; $param2 = $_GET["param2"]; etc.

I already tested it with three scripts, and it seems to work pretty
well.

You beg for punishment, don't you? :) I hope those scripts are not
accessible from the web. Or that they don't run on a host where
productive data is kept. Taking input without sanity checks is...
dangerous.

...

I thought the same on first sight. But then again, as he uses his old scripts I guess the adequate tests will follow using his variable names.

With just "$param1 = $_GET["param1"];" as much as I know nothing can happen. Important is what follows, i.e. how he uses these variables, and I guess he id not put these things in the post to not bloat it...

Daniel
--
Daniel Bauer photographer Basel Barcelona
http://www.daniel-bauer.com
room in Barcelona: https://www.airbnb.es/rooms/2416137
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >