explanation only

Discussing Html . Code , Software , other

Moderators: macek, egami, gesf

red fox
New php-forum User
New php-forum User
Posts: 39
Joined: Tue Nov 22, 2005 8:14 am

explanation only

Postby red fox » Fri Mar 24, 2006 8:17 am

hi
i need explanation to this code i read it on php manual
like action and the value "y' all things like this

Code: Select all

<form method="post" action="attacktarget?errors=Y&amp;showerrors=1&amp;debug=1">
<input type="hidden" name="errors" value="Y" />
<input type="hidden" name="showerrors" value="1" />
<input type="hidden" name="debug" value="1" />
</form>

User avatar
Coditor
New php-forum User
New php-forum User
Posts: 243
Joined: Wed Feb 01, 2006 9:18 am
Location: Netherlands
Contact:

Postby Coditor » Sat Mar 25, 2006 2:12 pm

This is regarding security.

If you use common variables like $debug or $showerrors in your code, and you have enabled register_globals, a hacker can build an HTML page with the form as you displayed, and submit it to your PHP script. The variables from the form are automatically loaded into your php script and suddenly you're showing debug output and/or errors...

Another good reason to disable register_globals and to hide error messages by default.

Coditor


Return to “HTML Basics”

Who is online

Users browsing this forum: No registered users and 1 guest