Mike,
Both of your bit of code are not equal.
On my ISP in 4.0.6 isset returned false if the variable was not existing OR
empty
in 4.2 isset returns true if the variable exists but is empty, so you may
want to check with empty instead of isset
Luc
At 12:16 10/05/2002 +0100, Ford, Mike
On Fri, 10 May 2002, Ford, Mike [LSS] wrote:
> Also, by using the $_POST, $_GET arrays, you know exactly where the
> input is coming from (even if register_globals is also on!). If you
> have register_globals set to on, and you just look to see if (say)
> $password has a value, whic
At 15:13 10/05/2002, Ford, Mike [LSS] wrote:
>I should have said "less secure" rather than "more secure".
>
>Am I right this time?
Yep :)
Zeev
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
> -Original Message-
> From: Ford, Mike [LSS] [mailto:[EMAIL PROTECTED]]
> Sent: 10 May 2002 12:54
> To: 'Zeev Suraski'
> Cc: [EMAIL PROTECTED]
> Subject: RE: [PHP] register_globals in php4
>
> > -Original Message-
> > From: Zeev Sura
> -Original Message-
> From: Zeev Suraski [mailto:[EMAIL PROTECTED]]
> Sent: 10 May 2002 12:36
>
> You meant it the other way around, didn't you? :)
Er, yes! ;)
(I cut-and-pasted one example to create the other, and then changed the wrong "on" to
"off"!!)
Cheers!
Mike
--
At 14:16 10/05/2002, Ford, Mike [LSS] wrote:
>No, but this:
>
> if (isset($password)): // register_globals on
> $super_user = $password==$super_password;
> endif;
>
> if ($super_user):
> // sensitive admin stuff
> endif;
>
>is more secure than:
>
>
> -Original Message-
> From: Kevin Stone [mailto:[EMAIL PROTECTED]]
> Sent: 09 May 2002 23:09
>
> Hmm. No offense ..., but I don't believe turning
> Registered Globals off
> will have any effect on security. Turning Registered Globals off just
> provides a more strict environment for c
On Thu, 9 May 2002, Kevin Stone wrote:
>> If register_globals is off, then you'll get $_GET['id'] = 3 and
>> $_GET['sex'] = female. It's then up to you to make sure those are okay.
>> But at least $id and $sex won't get set until you explicitly set them in
>> your code.
>
> Hmm. No offense Migue
- Original Message -
From: "Miguel Cruz" <[EMAIL PROTECTED]>
To: "Patrick Hsieh" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, May 09, 2002 11:52 AM
Subject: Re: [PHP] register_globals in php4
> On Fri, 10 May 2002, Patrick
- Original Message -
From: "Patrick Hsieh" <[EMAIL PROTECTED]>
> Hello list,
>
> php4.1 recommends to set register_globals=off in php.ini to make php
> more strict. My question is, if I turn off register_globals, what will
> happen if any malicious user just try to modify the variable val
On Fri, 10 May 2002, Patrick Hsieh wrote:
> php4.1 recommends to set register_globals=off in php.ini to make php
> more strict. My question is, if I turn off register_globals, what will
> happen if any malicious user just try to modify the variable values in
> the url? Say,
>
> http://www.domain
Hello list,
php4.1 recommends to set register_globals=off in php.ini to make php
more strict. My question is, if I turn off register_globals, what will
happen if any malicious user just try to modify the variable values in
the url? Say,
http://www.domain.com/xxx.php?id=3&sex=female
Does it wor
12 matches
Mail list logo
