PHP Security: Trouble With Input Source (GET, POST, ENV, Cookie, SERVER)
PHP Security Superglobal Tips: Taking variable value can from various source. We recognize the source: GET, POST, Env, Cookie, SERVER. For example, we mention a variable $test, it can contain just where from any where.
At small application, possible still modestly in managing variable. But when the application become bigger, variable naming become the muddle. Will very wise if we take a care to determine the source for variable
For example:<? echo $test; ?>
It can come from $_GET['test'], $_POST['test'], $_SESSION['test'], etc. Depend of your php.ini. Try to open your php.ini (my php.ini within C:\WINDOWS. It depend installation). Find like following line code:
variables_order = "EGPCS"
It mean high priority is from ENV. Then GET, POST, Cookie, last SERVER. So, if you write like this:
<? echo $test; ?>
It will find from $_ENV['test'] for first time. You can change your php.ini and set as you need, like:
variables_order = "GPSC"
Tag: security, parameter, GET, POST, ENV, Cookie, SERVER Category: PHP Security Post : February 27th 2008 Read: 1,025
blog comments powered by Disqus
Database Tutorial
Security Tutorial
Framework Tutorial
Template Tutorial
API Tutorial
JS Framework Tutorial
AJAX Tutorial
Web Services Tutorial
Package Post
- Joomla Intro
- Joomla Component
- Joomla Module
- Joomla MVC
- Joomla MVC Backend
- PostNuke Intro
- Zend Framework Intro
- Zend Framework Action
- Zend Framework Database
- Zend Framework Registry
- Zend Framework Config
- Zend Framework Login
- Zend Framework Session
- PHP Array Tips
- PHP File Tips
- PHP Email
- PHP Ms Excel
- PHP Pattern
- PHP SMS
- Flash Database
- PHP Multitier
- jQuery Introduction
- jQuery Selectors
- Portable Web Server
- Web Mobile Intro
- Drupal Installation
- Drupal Configuration