[NBLUG/talk] CGI programming memory lapse

matt matt at cfxnetworks.com
Tue Jun 6 16:29:48 PDT 2006


On Monday 05 June 2006 13:10, Troy Arnold wrote:
> On Mon, Jun 05, 2006 at 01:01:10PM -0700, Chris Palmer wrote:
> > Troy Arnold writes:
> > > use CGI;
> > >
> > > $q = new CGI;
> > > print $q->header;
> > > print $q->param('foo');
> >
> > Looks like you've got a few typos and misspellings in there.  For
> > example, you spelled "#!/usr/bin/perl -T\n\nuse warnings;\nuse strict\n"
> > as "".  You also omitted the crucial "sanitize_input" keyword.
>
> Nice.  I'll have to borrow that one.  I actually prefer programming in PHP
> with register_globals on.  Can't get much easier than that. ;)
>

Woah, that's a very bad idea. Never use register_globals. Never.

Think of it like this: You are putting data into MySQL and you decide to name 
your variable $query. Let's say someone tries to be smart and recodes your 
form and makes a field called "$query". They just injected your database.

There is no use for register_globals. Everything you had can now be accessed 
in a specific array: $_POST['x'] for variables from a post form, $_GET, 
$_COOKIE, and so on. It's simpler and much more secure.

>
>
> _______________________________________________
> talk mailing list
> talk at nblug.org
> http://nblug.org/cgi-bin/mailman/listinfo/talk

-- 
Valê,
Matt
matt at cfxnetworks.com
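Added example (not from this thread or any of its posters) showing the hazard Matt describes and the fix he recommends. With register_globals on, every request field became a PHP variable, so a field named "query" could overwrite a script's own $query before it reached the database; the emulation below uses extract() to stand in for that behaviour, and a recording stub in place of a real PDO connection so it runs offline. The request arrays, the RecordingDb class and both function names are constructed for the demo.

```php
<?php
// Added example, not code from the mailing-list thread. Emulates the
// register_globals overwrite hazard, then shows the $_POST + bound-parameter
// form. RecordingDb is a constructed stand-in for PDO: it logs the SQL it
// would have run instead of executing anything.

declare(strict_types=1);

final class RecordingDb
{
    /** @var array<int, array{sql: string, params: array}> */
    public array $log = [];

    public function run(string $sql, array $params = []): void
    {
        $this->log[] = ['sql' => $sql, 'params' => $params];
    }
}

// Vulnerable shape: register_globals=On, emulated with extract().
// Every request field lands in the local symbol table, so a field named
// "query" replaces the SQL the script intended to run.
function insertWithRegisterGlobals(RecordingDb $db, array $request): string
{
    $query = "INSERT INTO users (name) VALUES (?)";
    extract($request, EXTR_OVERWRITE);          // what register_globals did implicitly
    $db->run($query, [$request['name'] ?? '']); // runs whatever $query is now
    return $query;
}

// Hardened shape: read input only from the superglobal you expect
// ($_POST here), validate it, and keep data out of the SQL text via a
// placeholder. No request field can rename or overwrite $query.
function insertWithSuperglobals(RecordingDb $db, array $post): string
{
    $query = "INSERT INTO users (name) VALUES (?)";
    $name  = (string)($post['name'] ?? '');
    if ($name === '' || strlen($name) > 64) {
        throw new InvalidArgumentException('name missing or too long');
    }
    $db->run($query, [$name]);
    return $query;
}

// Constructed requests: an honest form post, and one with an extra "query"
// field of the kind a recoded form could submit.
$honest   = ['name' => 'alice'];
$tampered = ['name' => 'mallory', 'query' => 'SELECT 1 /* attacker-chosen SQL */'];

$db = new RecordingDb();
printf("register_globals, honest:   %s\n", insertWithRegisterGlobals($db, $honest));
printf("register_globals, tampered: %s\n", insertWithRegisterGlobals($db, $tampered));
printf("superglobals,     tampered: %s\n", insertWithSuperglobals($db, $tampered));
// The second line prints the attacker-chosen string: $query was overwritten
// before the database call. The third still prints the INSERT statement.
```

Run it with `php example.php` (assumed filename). The $db->log array holds each statement and its bound parameters, so you can also inspect what reached the "database" in each case. The same overwrite applied to cookies and query strings, not just form posts, which is why reading from $_POST, $_GET or $_COOKIE explicitly, as Matt suggests, removes the ambiguity about where a value came from.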