


There are no security holes in php, haha. Pay attention_PHP tutorial
Jul 13, 2016 pm 05:08 PM
If register_globals = On in your php.ini, all post, get, cookie, and session variables with the same name will be mixed together.
You can use $HTTP_*_VARS["username"] to determine which variable you want. .
But even if they have the same name, variables_order = "GPCS" in php.ini will be judged according to the priority level. A lower-level value cannot override a higher-level value
So, if you use session_register(" from the beginning username") is wise, you can also use session_is_registered to determine whether the variable has been registered.
This is an example:
if (!session_is_registered("username")) {
$user_name= "";
Session_register("username");
}
At the same time, ensure that in your php.ini, variables_order = "GPCS" (default) S means that session should be placed last and take priority.
register_globals = On Some waste system resources and are turned off in the optimization configuration, which also avoids so-called loopholes.
Because I have encountered this problem before, I would like to give it a reference.

Hot Article

Hot tools Tags

Hot Article

Hot Article Tags

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics

PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian

How To Set Up Visual Studio Code (VS Code) for PHP Development
