Quote:
Originally Posted by trache
Use the PHP $_* family of variables ($_GET, $_POST, $_SERVER) instead of registered globals (for example, the "id" field in my reply above would be $_GET['id']) which would normally let you use $id (hackers can write a script that will attack your server manually using the HTTP headers and they can perform a POST request and change the url with a ?id= on the end and your script could use the GET url?id= and have that variable changed quite easily). Hopefully that last sentence wasn't too confusing!
Heh, I'm at a moderate point of coding in PHP and I barely grasped that.

What he's saying here, and this is for the new programmers out there, is that in a webpage address you can form a URL that contains data that will be used in the next webpage.
So I could create a link onto a page that was like
www.mypage.com/index.php?name=Fallon&site=TFP
It has two variables in it, name and site.
Now, on index.php, you could have a variable that checks the URL of the page, and it sees the ? so it says, "Hey, there's some good shit in this URL, and it's shit I can use." To get the two variables, you'd do $_GET['name'], which would return Fallon, and $_GET['site'] would return TFP. Now you could enter those into your index.php page anywhere you'd like and use accordingly. Now a hacker could be like, "Well well well... I can be an evil hacker and break stuff and whatnot." So they could manually type into their browser
http://www.mypage.com/index.php?name...te=I_love_porn
That's a bit simplistic but you can see where things may go wrong in that example.
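The difference between registered globals and the `$_GET` array, shown as an added example that is not part of the original posts. It emulates the old register_globals behaviour with `extract()`, and goes one step beyond the thread by also allow-listing and escaping the values. The `is_admin` parameter, the function names and the query string are constructed for illustration.

```php
<?php
// Constructed query string standing in for a request to index.php.
// "is_admin" is a hypothetical parameter the page never meant to accept.
$query = 'name=Fallon&site=TFP&is_admin=1';
parse_str($query, $get);   // $get plays the role of $_GET so this runs from the CLI

// Registered-globals style, emulated with extract(): every URL parameter
// becomes a local variable, including ones the script did not ask for.
function page_with_globals(array $get): string
{
    extract($get);
    // $is_admin was meant to be set only by server-side login code and is
    // never initialised here, so the value from the URL reaches this check.
    $prefix = !empty($is_admin) ? '[admin] ' : '';
    return $prefix . "Hello $name from $site";
}

// Return one expected field, or a fallback if it is missing or malformed.
function field(array $get, string $key, string $fallback): string
{
    $value = $get[$key] ?? '';
    if (!is_string($value) || !preg_match('/^[A-Za-z0-9_]{1,32}$/', $value)) {
        return $fallback;
    }
    return $value;
}

// Superglobal style: the script initialises its own state and reads only
// the keys it expects, so unrelated URL parameters have no effect.
function page_with_superglobal(array $get): string
{
    $is_admin = false;   // decided by server-side logic, never by the URL
    $name = field($get, 'name', 'guest');
    $site = field($get, 'site', 'unknown');
    $prefix = $is_admin ? '[admin] ' : '';
    // Escape on output so the values cannot inject markup into the page.
    return $prefix . 'Hello ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
        . ' from ' . htmlspecialchars($site, ENT_QUOTES, 'UTF-8');
}

echo page_with_globals($get), PHP_EOL;
echo page_with_superglobal($get), PHP_EOL;
```

The two output lines differ only in the admin marker, which appears in the first form because the URL supplied a variable the script assumed it controlled.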