PHP Security: Trouble With Input Source (GET, POST, ENV, Cookie, SERVER)
PHP Security Superglobal Tips: Taking variable value can from various source. We recognize the source: GET, POST, Env, Cookie, SERVER. For example, we mention a variable $test, it can contain just where from any where.
At small application, possible still modestly in managing variable. But when the application become bigger, variable naming become the muddle. Will very wise if we take a care to determine the source for variable
For example:<? echo $test; ?>
It can come from $_GET['test'], $_POST['test'], $_SESSION['test'], etc. Depend of your php.ini. Try to open your php.ini (my php.ini within C:\WINDOWS. It depend installation). Find like following line code:
variables_order = "EGPCS"
It mean high priority is from ENV. Then GET, POST, Cookie, last SERVER. So, if you write like this:
<? echo $test; ?>
It will find from $_ENV['test'] for first time. You can change your php.ini and set as you need, like:
variables_order = "GPSC"
Tag: security, parameter, GET, POST, ENV, Cookie, SERVER Category: PHP Security Post : February 27th 2008 Read: 1,012
blog comments powered by Disqus