explanation only

red fox

Fri Mar 24, 2006 8:17 am

I need an explanation of this code; I read it in the PHP manual.
Like action and the value "y", all things like this.

Code:

<form method="post" action="attacktarget?errors=Y&showerrors=1&debug=1">
<input type="hidden" name="errors" value="Y" />
<input type="hidden" name="showerrors" value="1" />
<input type="hidden" name="debug" value="1" />
</form>


Sat Mar 25, 2006 2:12 pm

This is regarding security.

If you use common variables like $debug or $showerrors in your code, and you have enabled register_globals, a hacker can build an HTML page with the form as you displayed, and submit it to your PHP script. The variables from the form are automatically loaded into your PHP script and suddenly you're showing debug output and/or errors...

Another good reason to disable register_globals and to hide error messages by default.
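
Added example, not part of the original thread or the PHP manual: the pattern described in the reply above, next to a hardened version. register_globals was removed in PHP 5.4, so extract() is used here to emulate it; the function names, the $config array and the $request array are hypothetical and constructed for the illustration.

```php
<?php
// Added illustration, not code from the thread. register_globals no longer
// exists (removed in PHP 5.4), so extract() stands in for it here.
ini_set('display_errors', '0');   // hide error messages from the client
ini_set('log_errors', '1');       // keep them in the server log instead

// Constructed request: the fields the form quoted above would submit.
$request = ['errors' => 'Y', 'showerrors' => '1', 'debug' => '1'];
// Hypothetical server-side configuration, never taken from the request.
$config = ['debug' => false, 'showerrors' => false];

// Vulnerable: request fields become variables and the script trusts
// $debug / $showerrors without ever initialising them itself.
function handle_vulnerable(array $request): array
{
    extract($request, EXTR_SKIP); // emulates register_globals = On
    $out = [];
    if (!empty($debug)) {
        $out[] = 'debug output';
    }
    if (!empty($showerrors)) {
        $out[] = 'error details';
    }
    return $out;
}

// Hardened: every flag is explicitly initialised from server config, which
// overwrites anything injected, even if the injection itself still happens.
function handle_hardened(array $request, array $config): array
{
    extract($request, EXTR_SKIP); // injection still emulated on purpose
    $debug      = (bool) ($config['debug'] ?? false);
    $showerrors = (bool) ($config['showerrors'] ?? false);
    $out = [];
    if ($debug) {
        $out[] = 'debug output';
    }
    if ($showerrors) {
        $out[] = 'error details';
    }
    return $out;
}

echo 'vulnerable: ', json_encode(handle_vulnerable($request)), PHP_EOL;
echo 'hardened:   ', json_encode(handle_hardened($request, $config)), PHP_EOL;
```

On current PHP versions the same risk reappears wherever code calls extract() or uses variable variables on $_GET, $_POST or $_REQUEST, so the explicit initialisation shown in the hardened function is still the relevant habit.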