Home Backend Development PHP Tutorial There are no security holes in php, haha. Pay attention_PHP tutorial

There are no security holes in php, haha. Pay attention_PHP tutorial

Jul 13, 2016 pm 05:08 PM
php php.ini post Security vulnerability Notice want

If register_globals = On in your php.ini, all post, get, cookie, and session variables with the same name will be mixed together.
You can use $HTTP_*_VARS["username"] to determine which variable you want. .
But even if they have the same name, variables_order = "GPCS" in php.ini will be judged according to the priority level. A lower-level value cannot override a higher-level value
So, if you use session_register(" from the beginning username") is wise, you can also use session_is_registered to determine whether the variable has been registered.
This is an example:
if (!session_is_registered("username")) {
$user_name= "";
Session_register("username");
}
At the same time, ensure that in your php.ini, variables_order = "GPCS" (default) S means that session should be placed last and take priority.
register_globals = On Some waste system resources and are turned off in the optimization configuration, which also avoids so-called loopholes.
Because I have encountered this problem before, I would like to give it a reference.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629805.htmlTechArticleIf register_globals = On in your php.ini, all post, get, cookie, session variables with the same name will To mix it all together, you can use $HTTP_*_VARS[username] to determine which variable you want. But...
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot Article Tags

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian Dec 24, 2024 pm 04:42 PM

PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian

CakePHP Date and Time CakePHP Date and Time Sep 10, 2024 pm 05:27 PM

CakePHP Date and Time

CakePHP Project Configuration CakePHP Project Configuration Sep 10, 2024 pm 05:25 PM

CakePHP Project Configuration

CakePHP File upload CakePHP File upload Sep 10, 2024 pm 05:27 PM

CakePHP File upload

CakePHP Routing CakePHP Routing Sep 10, 2024 pm 05:25 PM

CakePHP Routing

Discuss CakePHP Discuss CakePHP Sep 10, 2024 pm 05:28 PM

Discuss CakePHP

CakePHP Quick Guide CakePHP Quick Guide Sep 10, 2024 pm 05:27 PM

CakePHP Quick Guide

How To Set Up Visual Studio Code (VS Code) for PHP Development How To Set Up Visual Studio Code (VS Code) for PHP Development Dec 20, 2024 am 11:31 AM

How To Set Up Visual Studio Code (VS Code) for PHP Development

See all articles