register_global off

melkior_inactive · 04-04-2007 12:49 PM

Originally Posted by Piotrek

I've read that $_GET table is rather not recommended for the reason the variables and values are also passed to the script in the url so they may be hacked the same way you described, right?

They're not recommended for logins, but for other parts of the script they are OK.
Logins are best managed by $_COOKIE and checking the data against the user database (username and the hashed password).

Piotrek · 04-04-2007 12:55 PM

And yes, you could hack the script with admin.php?login=true, but that wasn't the point. I was just giving an example of some kind of access to the admin part.

Yes, I know, sorry for pestering ;P

But when I get some free time, I'll create one.

Wow, this would be awesome!

And I appreciate the advice about passwords, I will keep it in mind

Thanks very much!
Piotrek

**norbertwarne** · 10-15-2010 09:21 AM

Well, if they are on than somebody with too much time on his hands could hack your site well. He could inject variables into your book absent any troubles.

**rashidbm** · 06-06-2011 06:25 PM

I was wondering and very useful topic and post.

Webmaster SEO Tools, Resources, Web Hosting, Discussion Forums

Thread: register_global off

LinkBack

Thread Tools

Display

Thread Information

Users Browsing this Thread

Bookmarks

Bookmarks

Posting Permissions