Variable Origins
Moderator: General Moderators
-
randomblink
- Forum Commoner
- Posts: 51
- Joined: Wed Jan 28, 2004 11:27 am
- Location: Tulsa, Oklahoma, just this side of hell...
- Contact:
Variable Origins
Ok...
I have been playing this PHP-Based game and I have found out that it is possible to manipulate the game by passing variables through the URL. I am working on my own game that I want to base on PHP and I have to ask...
How do you tell if a variable was sent via a form? Or via a URL?
Is there a way?
I have been playing this PHP-Based game and I have found out that it is possible to manipulate the game by passing variables through the URL. I am working on my own game that I want to base on PHP and I have to ask...
How do you tell if a variable was sent via a form? Or via a URL?
Is there a way?
-
d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
-
d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
-
d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
-
d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
haha.
speak of such and such shall appear! But I am not following dull here.
genericly speaking, POST was meant to be mated with forms, GET was meant to be mated with vars in the URL.
But chipmunks are beasts that are know to hump anything, even a turtle.
so there are flexes, of course.
Over-all general'ness, I will back punk 100%
speak of such and such shall appear! But I am not following dull here.
genericly speaking, POST was meant to be mated with forms, GET was meant to be mated with vars in the URL.
But chipmunks are beasts that are know to hump anything, even a turtle.
so there are flexes, of course.
Over-all general'ness, I will back punk 100%
-
d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
Re: Variable Origins
And people wonder why register_globals should be disabled lol. Basically as others have said, the way to work around this is to ensure that you use the correct superglobal array so that session variables, cookie variables and post variables cannot be overwritten by url values.randomblink wrote:Ok...
I have been playing this PHP-Based game and I have found out that it is possible to manipulate the game by passing variables through the URL.
Mac
-
randomblink
- Forum Commoner
- Posts: 51
- Joined: Wed Jan 28, 2004 11:27 am
- Location: Tulsa, Oklahoma, just this side of hell...
- Contact:
twigletmac
Alright...
You say register_globals should disabled?
Please explain...
Am I to understand you correctly?
If I disable register_globals then my vars won't be overwritten by the URL values?
Please tell me more...!
Thanks...
You say register_globals should disabled?
Please explain...
Am I to understand you correctly?
If I disable register_globals then my vars won't be overwritten by the URL values?
Please tell me more...!
Thanks...
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
If you disable register_globals then you have to use the superglobal arrays - $_POST, $_GET, $_SESSION and $_COOKIE, so a value in $_POST cannot be overwritten by one in $_GET, one in $_SESSION can't be overwritten by one in $_GET. You also look at your code and know exactly where you expect data to come from.
Mac
Mac
