PHP: GET-data automatically being declared as variables

Tags: url, php, get

Take this code:

<?php
if (isset($_POST['action']) && !empty($_POST['action'])) {
    $action = $_POST['action'];
}

if ($action) {
    echo $action;
}
else { 
    echo 'No variable';
}
?>

And then access the file with ?action=test. Is there any way of preventing $action from automatically being declared by the GET? Other than, of course, adding

&& !isset($_GET['action'])

Why would I want the variable to be declared for me?

ehm asked Sep 19 '08 13:09


4 Answers

Check your php.ini for the register_globals setting. It is probably on; you want it off.

Why would I want the variable to be declared for me?

You don't. It's a horrible security risk. It makes the Environment, GET, POST, Cookie and Server variables global (PHP manual). These are a handful of reserved variables in PHP.

owenmarshall answered Sep 29 '22 09:09


Looks like register_globals in your php.ini is the culprit. You should turn this off. It's also a huge security risk to have it on.

If you're on shared hosting and can't modify php.ini, you can use ini_set() to turn register_globals off.

Lucas Oman answered Sep 29 '22 09:09


Set register_globals to off, if I'm understanding your question. See http://us2.php.net/manual/en/language.variables.predefined.php

Nikki9696 answered Sep 29 '22 11:09


If you don't have access to the php.ini, an ini_set('register_globals', false) in the PHP script won't work (variables are already declared). An .htaccess with:

php_flag register_globals Off

can sometimes help.

Bob Fanger answered Sep 29 '22 10:09
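
The behaviour discussed in this thread, as an added example that is not part of the original question or answers: the question's script beside a form that does not depend on the register_globals setting, plus a startup check for the directive. The function names and request arrays are constructed for illustration, and extract() is an assumption standing in for the engine's automatic import of request variables.

```php
<?php
// Constructed request data, so this runs from the CLI without a web server.
$get  = array('action' => 'test');  // what ?action=test puts in $_GET
$post = array();                    // no POST body was sent

// The question's script as it behaves with register_globals on. extract() is an
// assumption standing in for the engine's import of request variables, which
// happened before the first line of the script ran.
function legacy_handler(array $get, array $post)
{
    extract($get);
    if (isset($post['action']) && !empty($post['action'])) {
        $action = $post['action'];
    }
    return !empty($action) ? $action : 'No variable';
}

// Hardened form: give $action a default, then read it only from POST.
// $get is accepted and deliberately ignored.
function hardened_handler(array $get, array $post)
{
    $action = null;
    if (isset($post['action']) && is_string($post['action']) && $post['action'] !== '') {
        $action = $post['action'];
    }
    return $action === null ? 'No variable' : $action;
}

// Startup check: ini_get() returns false when the directive does not exist
// (register_globals was removed in PHP 5.4.0) and "" or "0" when it is off.
function register_globals_enabled()
{
    $value = ini_get('register_globals');
    if ($value === false) {
        return false;
    }
    return in_array(strtolower($value), array('1', 'on', 'true', 'yes'), true);
}

if (register_globals_enabled()) {
    fwrite(STDERR, "register_globals is on; refusing to run\n");
    exit(1);
}

// Encode on output, since the value originates from the request.
echo htmlspecialchars(legacy_handler($get, $post), ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars(hardened_handler($get, $post), ENT_QUOTES, 'UTF-8'), "\n";
```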