[UPHPU] Form Help
jgrotegut at gmail.com
Fri Jun 24 13:21:34 MDT 2005
On 6/24/05, dataw0lf <digitalsuicide at gmail.com> wrote:
> Mac Newbold wrote:
> > I grant you that, in general, that is true. However, in this case, it
> > makes no difference. You can't trust data in $_POST or $_COOKIE any more
> > than you can trust data in $_GET, because they're _all_ sent from the
> > user and are subject to the user sending you whatever they want.
> You know I know this :). However, using $_REQUEST, even in a situation
> like this, gives potentially malicious users a better stepping stone
> then just one specific super global. Obviously, you're still going to
> have to properly cleanse the variable.
> It also adds to code readability (which, in turn, often affects security).
> Joshua Simpson -- dataw0lf.org
> Lead Network Administrator/Engineer Aero-Graphics Inc.
> jsimpson at aero-graphics.com
> UPHPU mailing list
> UPHPU at uphpu.org
> IRC: #uphpu on irc.freenode.net
Thanks to everyone for your help, it looks like I got the first page
figured out, now I am just working on the second one. It definatly
looks like I am going to need to read up on my security for php as
well as many other aspects of PHP. I have a lot to learn still
More information about the UPHPU