Article:  |
Ten Security Checks for PHP, Part 1 | |
| Subject: | Register Globals on | |
| Date: | 2003-05-26 11:13:56 | |
| From: | anonymous2 | |
|
Response to: Register Globals on
|
||
| Using POST instead of GET does not secure any script at all. Imagine creating your custom form on your local machine and directing the action to http://www.somwhere.net/someaction.php | ||
Showing messages 1 through 2 of 2.
-
Register Globals on
2007-03-01 11:52:54 andrwe [View]
-
Register Globals on
2003-09-26 17:58:53 anonymous2 [View]
how do you turn it on
$referer = $_SERVER['HTTP_REFERER'];
if ($referer != "http://www.domain.com/form.html") {
echo "nice try!";
} else {
process_form();
}
Any downside to that (other than having to change the URL upon upload)?