php.net doc wrote: By turning off the ability for any user-submitted variable to be injected into PHP code, you can reduce the amount of variable poisoning a potential attacker may inflict. They will have to take the additional time to forge submissions, and your internal variables are effectively isolated from user submitted data.
bezmond wrote: make your form submit as EITHER POST or GET, I recommend POST... to retrieve a variable, you then use:
$variable = $_POST["variable"];
bezmond wrote: yeah sorry, meant to add...
if you use GET, you should do:
$variable = $_GET["variable"];
as I said, I suggest using POST, as GET sends variables in the URL, e.g. http://www.nowhere.com/file.php?x=1&y=2
bezmond wrote: ok ok, personally, I prefer POST... the majority of forms I've used on my website send information that I need to keep secured, e.g. a username, password etc... so I use POST to help me that little bit more...
the other way, would be to encrypt it... e.g. submit everything with md5($variable) I suppose, but that's long-winded...
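Added example, not part of the thread or of the php.net documentation: the variable poisoning described in the php.net quote at the top, next to the explicit `$_POST["variable"]` style of access used in the posts above. It assumes a hypothetical `is_known_admin()` check and a constructed request array, and it uses `extract()` to stand in for register_globals, which was removed from PHP in 5.4.0.

```php
<?php
// Constructed request data standing in for a forged submission: the extra
// "authorized" field is not part of the real form.
$forgedRequest = ['username' => 'guest', 'authorized' => '1'];

// Hypothetical check used only for this example.
function is_known_admin(string $user): bool
{
    return $user === 'admin';
}

// register_globals on, simulated with extract(): every submitted field
// becomes a variable in the script's scope.
function check_with_globals(array $request): bool
{
    extract($request);   // $username and $authorized now come from the user
    if (is_known_admin($username ?? '')) {
        $authorized = true;
    }
    // $authorized was never initialised by the script, so whatever the
    // submission supplied is still in it here.
    return !empty($authorized);
}

// register_globals off: internal state is initialised in code and user
// input is read only by explicit key from the request array.
function check_with_superglobal(array $post): bool
{
    $authorized = false;
    $username = isset($post['username']) && is_string($post['username'])
        ? $post['username']
        : '';
    if (is_known_admin($username)) {
        $authorized = true;
    }
    return $authorized;
}

// The same forged submission is passed to both versions for comparison.
var_dump(check_with_globals($forgedRequest));
var_dump(check_with_superglobal($forgedRequest));
```

In a real script `check_with_superglobal()` would be passed `$_POST`; the submitted `authorized` field then stays inside that array and never reaches the internal flag.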