A few years ago, my wife and I decided to go on a skiing trip up north. To reserve skiing equipment, you had to give 24 hours advance notice using the ski lodge's on-line website. The catch was that my wife had asked me to make the reservations 23 hours before the deadline.
So I got to thinking, and examined the online website, which would not let you make any reservations within the 24 hour timeframe. However, once you selected an appropriate date, I noticed that the URL was:
https://www.somewhere.com/reservations.php?date=01-23-01
It occurred to me that, while they had locked down security on what dates I could choose from, the final value was placed into a GET statement at the end of the web address. I modified the web address to use "date=01-22-01" and indeed, our skies were waiting for us first thing the next morning (we paid for them, of course).
This innocent yet practical example is just one of the dangers we have to be aware of when using any programming language that can be used in ways that we did not intend, which leads us into our discussion on PHP Superglobals.
this was found on: http://hr.uoregon.edu/davidrl/lamp/php.html#PHPSUPERGLOBALS
-Michael -- Pratt Museum IT Intern All programmers are playwrights and all computers are lousy actors.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
