Board index   FAQ   Search  
Register  Login
Board index php forum :: HTML HTML Basics
Print view

explanation only

Discussing Html . Code , Software , other

Moderators: macek, egami, gesf

Post a reply

explanation only

Postby red fox » Fri Mar 24, 2006 8:17 am

hi
i need explanation to this code i read it on php manual
like action and the value "y' all things like this
Code: Select all
<form method="post" action="attacktarget?errors=Y&amp;showerrors=1&amp;debug=1">
<input type="hidden" name="errors" value="Y" />
<input type="hidden" name="showerrors" value="1" />
<input type="hidden" name="debug" value="1" />
</form>
red fox
New php-forum User
New php-forum User
 
Posts: 39
Joined: Tue Nov 22, 2005 8:14 am
Top

Postby Coditor » Sat Mar 25, 2006 2:12 pm

This is regarding security.

If you use common variables like $debug or $showerrors in your code, and you have enabled register_globals, a hacker can build an HTML page with the form as you displayed, and submit it to your PHP script. The variables from the form are automatically loaded into your php script and suddenly you're showing debug output and/or errors...

Another good reason to disable register_globals and to hide error messages by default.

Coditor
Coditor
New php-forum User
New php-forum User
 
Posts: 243
Joined: Wed Feb 01, 2006 9:18 am
Location: Netherlands
Top
Post a reply

Return to HTML Basics

Who is online

Users browsing this forum: No registered users and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.

Powered by phpBB® Forum Software © phpBB Group
© Supernova Style by Boardtalk.net Originally by Christian Bullock