Changing to register_globals OFF
Posted on 2003-11-05
Right now my register_globals are ON, I heard this was a security risk because people could make fake passing vars in the URL and have the script think they auth'ed or something like that.
If I were to turn OFF register_globals, in my mysql_query() statements, where I use the forms names such as
INSERT INTO table (field) VALUES ($formfieldname)
would have to be
INSET INTO table (field) VALUES ($_POST[formfieldname])
$filetype = $_POST['filetype'];
$_SESSION['search_filetype'] = $filetype;
$filetype = $_SESSION['search_filetype'];
Like there, I'm trying to set the $filetype variable they want to search for as a session variable so they can go back and forth between the forms (like back and next buttons).
I'd like to know the most efficient ways of doing this, I'm fimilar with PHP now, just not with coding standards.