Re: [PHP] Re: Variables within a string

2002-03-14 Thread Jason Wong
On Thursday 14 March 2002 14:14, Analysis & Solutions wrote: [snip] > The examples on that page are lame. For example: > >if($HTTP_COOKIE_VARS['username']){ > // can only come from a cookie, forged or otherwise > $good_login = 1; > fpassthru ("/highly/sensitive/data/index.

Re: [PHP] Re: Variables within a string

2002-03-13 Thread Analysis & Solutions
On Tue, Mar 12, 2002 at 05:42:12PM +0800, Jason Wong wrote: > On Tuesday 12 March 2002 12:27, Analysis & Solutions wrote: > > The source of the data *does* matter. That is why the latest releases of > PHP (> 4.0.6) recommend having register_globals OFF by default. > ... snip snip snip ... > To s

Re: [PHP] Re: Variables within a string

2002-03-12 Thread Erik Price
On Monday, March 11, 2002, at 10:34 PM, Jason Wong wrote: >>> On Monday 11 March 2002 11:10, Chris Cocuzzo wrote: $foo = "Entry for " . $HTTP_POST_VARS["name"]; >>> >>> $foo = "Entry for for $HTTP_POST_VARS[name]"; >> >> But that's not good programming. Associative arrays should have the

Re: [PHP] Re: Variables within a string

2002-03-12 Thread Faisal Abdullah
I love your example.. > But if you don't know where the data came from then it's not secure. > Consider a "real-life" example. Robin Hood steals the Sheriff's ATM card, > and the Sheriff stupidly enough has written the PIN onto the back of the > card. Now Robin can go and withdraw all the money f

Re: [PHP] Re: Variables within a string

2002-03-12 Thread Jason Wong
On Tuesday 12 March 2002 12:27, Analysis & Solutions wrote: > > For security reasons. To make sure the variable did come from POSTing a > > form and not from the URL. > > Neither is more or less secure. The source of the data doesn't matter. The source of the data *does* matter. That is why the

Re: [PHP] Re: Variables within a string

2002-03-11 Thread Analysis & Solutions
On Tue, Mar 12, 2002 at 11:34:14AM +0800, Jason Wong wrote: > On Tuesday 12 March 2002 11:11, Analysis & Solutions wrote: > > On Mon, Mar 11, 2002 at 08:39:16PM -0500, webapprentice wrote: > > > From: Jason Wong <[EMAIL PROTECTED]> > > > > > > On Monday 11 March 2002 11:10, Chris Cocuzzo wrote: >

Re: [PHP] Re: Variables within a string

2002-03-11 Thread Jason Wong
On Tuesday 12 March 2002 11:11, Analysis & Solutions wrote: > On Mon, Mar 11, 2002 at 08:39:16PM -0500, webapprentice wrote: > > From: Jason Wong <[EMAIL PROTECTED]> > > > > On Monday 11 March 2002 11:10, Chris Cocuzzo wrote: > > > $foo = "Entry for " . $HTTP_POST_VARS["name"]; > > > > $foo = "Ent

[PHP] Re: Variables within a string

2002-03-11 Thread webapprentice
Oh, so that's how you deal with indexed variables inside of double quotes... I can't believe that has eluded me for so long... --- From: Jason Wong <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Date: Mon, 11 Mar 2002 12:09: