[FX.php List] This is doing my head in...
Steve Winter
steve at bluecrocodile.co.nz
Sun Nov 25 10:47:23 MST 2007
A typically cryptic, completely off the point, ggt post ;-)
As I understand it, the theory of it is that it means that pages which
require data to be posted, and are therefore capable of making changes to a
database are more easily able to be 'hacked' if they use _REQUEST, since it
means that someone could look at the source of your html page, determine
variables about your database, then use a get command to 'attack' your
database, or some such thing of that kind...
In the case of that code, it's totally irrelevant, as the user has to have
already logged in to get anywhere that code, they will never be able to
determine its name from the web, since it's a page which is included by a
page which in turn was included previously, based on a series of 'upstream
decisions'...
And for the record, the problem still persists, so if anyone can see any
reason why code that will behave correctly when accessed once round all of a
sudden 'flips out' when it's used a short time later...
Thanks
Steve
-----Original Message-----
From: fx.php_list-bounces at mail.iviking.org
[mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Dale Bengston
Sent: Sunday, 25 November 2007 5:12 p.m.
To: FX.php Discussion List
Subject: Re: [FX.php List] This is doing my head in...
Why not?
Dale
On Nov 25, 2007, at 3:21 AM, Gjermund Gusland Thorsen wrote:
> Never use _REQUEST, use _POST or _GET
_______________________________________________
FX.php_List mailing list
FX.php_List at mail.iviking.org
http://www.iviking.org/mailman/listinfo/fx.php_list
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.6/1150 - Release Date: 24/11/2007
5:58 p.m.
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.6/1150 - Release Date: 24/11/2007
5:58 p.m.
More information about the FX.php_List
mailing list