
explanation only


Moderators: macek, egami, gesf


Postby red fox » Fri Mar 24, 2006 8:17 am

Hi,
I need an explanation of this code. I read it in the PHP manual.
Like action and the value "Y", all things like this.
Code:
<form method="post" action="attacktarget?errors=Y&amp;showerrors=1&amp;debug=1">
<input type="hidden" name="errors" value="Y" />
<input type="hidden" name="showerrors" value="1" />
<input type="hidden" name="debug" value="1" />
</form>
red fox
New php-forum User
Posts: 39
Joined: Tue Nov 22, 2005 8:14 am

Postby Coditor » Sat Mar 25, 2006 2:12 pm

This is regarding security.

If you use common variables like $debug or $showerrors in your code, and you have enabled register_globals, a hacker can build an HTML page with the form as you displayed, and submit it to your PHP script. The variables from the form are automatically loaded into your PHP script and suddenly you're showing debug output and/or errors...

Another good reason to disable register_globals and to hide error messages by default.

Coditor
Coditor
New php-forum User
Posts: 243
Joined: Wed Feb 01, 2006 9:18 am
Location: Netherlands
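
An added illustration of the reply above, not code from the thread or from the PHP manual: the uninitialised-flag pattern next to a hardened handler, run against a constructed request carrying the same fields as the quoted form. The names legacy_handler, hardened_handler and $config are hypothetical, and extract() stands in for register_globals, which no longer exists in current PHP.

```php
<?php
declare(strict_types=1);

// Constructed request: the same fields the form in the thread submits.
$request = ['errors' => 'Y', 'showerrors' => '1', 'debug' => '1'];

// Legacy pattern. extract() stands in for register_globals=On, which
// turned every request parameter into a global variable.
function legacy_handler(array $request): array
{
    extract($request);
    $shown = [];
    // $debug and $showerrors are never initialised by the script itself,
    // so whatever the client sent decides these branches.
    if (!empty($debug))      { $shown[] = 'debug output'; }
    if (!empty($showerrors)) { $shown[] = 'error details'; }
    return $shown;
}

// Hardened pattern. Flags are initialised from server-side config only;
// request data stays in its array and is never promoted to variables.
function hardened_handler(array $request, array $config): array
{
    $debug      = (bool)($config['debug'] ?? false);
    $showerrors = (bool)($config['showerrors'] ?? false);
    ini_set('display_errors', $showerrors ? '1' : '0'); // hidden by default
    ini_set('log_errors', '1');                          // still written to the log

    // Request parameters named like internal flags are worth logging.
    $suspicious = array_keys(array_intersect_key($request, $config));

    $shown = [];
    if ($debug)      { $shown[] = 'debug output'; }
    if ($showerrors) { $shown[] = 'error details'; }
    return ['shown' => $shown, 'suspicious_params' => $suspicious];
}

// Hypothetical server-side settings; in practice loaded from a config file.
$config = ['debug' => false, 'showerrors' => false, 'errors' => false];

echo "legacy:   ", json_encode(legacy_handler($request)), PHP_EOL;
echo "hardened: ", json_encode(hardened_handler($request, $config)), PHP_EOL;
```

Run it with the PHP command-line interpreter; the legacy handler's result depends entirely on the submitted fields, while the hardened one depends only on $config and reports the colliding parameter names.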

