QUERY_STRING clarification
| PhilM 2005-08-12, 10:26 pm |
| from php.net
$_SERVER is a superglobal.
So, if I have it right, with register_globals=on, I can access $QUERY_STRING
direct, but with register_globals=off, I would need to access $QUERY_STRING
with $_SERVER['QUERY_STRING']
Now if my scripts were written in a register_globals=on environment, but
that alters to 'off', is it 'safe' to simply reassign the variable this way
at the first convenient moment?
$QUERY_STRING = $_SERVER['QUERY_STRING'];
| |
| For QUERY_STRING, I see no harm. However, I'm not a security expert. :P
-Wes
| |
| ZeldorBlat 2005-08-14, 3:59 am |
| It's perfectly safe. Register globals isn't dangerous in and of itself
-- it's the misuse of it that is unsafe. In this case, you've
guaranteed that the variable called $QUERY_STRING is in fact the same
as $_SERVER['QUERY_STRING'] so you're ok.
With register globals on, the danger is that someone could potentially
set the value of $QUERY_STRING through a GET, POST, or cookie variable
and you would never know the difference.
| |
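The reassignment discussed in this thread, as an added example that is not part of any poster's message: register_globals was removed in PHP 5.4, so its import step is emulated here. `emulate_register_globals()`, `pin_server_vars()` and the request data are hypothetical and constructed, and the emulation assumes that a later source overwrites an earlier one.

```php
<?php
// Added example: register_globals no longer exists in current PHP, so the
// import into global scope is emulated. Both helpers are hypothetical and
// all request data below is constructed.

// Copy every key of each source into one scope array, in the given order,
// so a later source overwrites an earlier one (assumption of this emulation).
function emulate_register_globals(array $sources, string $order): array
{
    $scope = [];
    foreach (str_split($order) as $letter) {
        foreach ($sources[$letter] ?? [] as $name => $value) {
            $scope[$name] = $value;
        }
    }
    return $scope;
}

// The reassignment from the thread: overwrite each legacy name with the
// server's value, whatever the import put there. A name the server did not
// set is removed rather than left holding request data.
function pin_server_vars(array $scope, array $server, array $names): array
{
    foreach ($names as $name) {
        if (array_key_exists($name, $server)) {
            $scope[$name] = $server[$name];
        } else {
            unset($scope[$name]);
        }
    }
    return $scope;
}

// Constructed request: /index.php?page=2 plus a cookie named QUERY_STRING.
$sources = [
    'G' => ['page' => '2'],
    'C' => ['QUERY_STRING' => 'value-from-cookie'],
    'S' => ['QUERY_STRING' => 'page=2'],
];

// Two import orders: server last, then cookie last.
foreach (['GCS', 'SGC'] as $order) {
    $scope  = emulate_register_globals($sources, $order);
    $pinned = pin_server_vars($scope, $sources['S'], ['QUERY_STRING']);
    printf("%s  imported: %-18s pinned: %s\n",
        $order, $scope['QUERY_STRING'], $pinned['QUERY_STRING']);
}
```

Run it with the PHP CLI: the imported value depends on the order, while the pinned value is the server's in both cases.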
"ZeldorBlat" <zeldorblat@gmail.com> wrote in message
news:1123992688.505008.109940@g43g2000cwa.googlegroups.com...
> It's perfectly safe. Register globals isn't dangerous in and of itself
> -- it's the misuse of it that is unsafe. In this case, you've
> guaranteed that the variable called $QUERY_STRING is in fact the same
> as $_SERVER['QUERY_STRING'] so you're ok.
>
> With register globals on, the danger is that someone could potentially
> set the value of $QUERY_STRING through a GET, POST, or cookie variable
> and you would never know the difference.
>
Thx for that...
I thought that may be the case, but wasn't real certain.
Angst now somewhat nullified :)