
The real problem is: "extract($_POST); extract($_GET); extract($_COOKIE);"

For more information on extract: http://www.php.net/extract



Docu on extract():

    Description 
       Import variables from an array into the current symbol table.
       If flags is not specified, it is assumed to be EXTR_OVERWRITE.

       EXTR_OVERWRITE
          If there is a collision, overwrite the existing variable.

The danger is that any state variables set before the extract($_...)'s can be overwritten arbitrarily. This also makes it essential that any and every variable is instantiated prior to any use.
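The overwrite and the initialization point raised in the comments above, as an added PHP example that is not part of the original thread. The `name` and `is_admin` fields and all function names are hypothetical, and the array is a constructed stand-in for `$_POST`.

```php
<?php
// Constructed request data standing in for $_POST (hypothetical field names).
$request = ['name' => 'alice', 'is_admin' => '1'];

// Before: state is set, then extract() runs with the default EXTR_OVERWRITE,
// so a request key named like the state variable replaces its value.
function overwrite_default(array $input): array
{
    $is_admin = false;
    extract($input);
    return ['name' => $name ?? null, 'is_admin' => $is_admin];
}

// EXTR_SKIP keeps variables that already exist, but a variable that was
// never initialized does not exist yet, so the request still defines it.
function skip_uninitialized(array $input): array
{
    extract($input, EXTR_SKIP);
    return ['name' => $name ?? null, 'is_admin' => $is_admin ?? false];
}

// EXTR_SKIP with the state variable initialized first: the request value
// for is_admin is ignored because the variable already exists.
function skip_initialized(array $input): array
{
    $is_admin = false;
    extract($input, EXTR_SKIP);
    return ['name' => $name ?? null, 'is_admin' => $is_admin];
}

// After: no extract() at all. Copy only the expected keys out of the input
// and keep state variables out of reach of request data.
function allowlisted(array $input): array
{
    $is_admin = false;
    $fields = array_intersect_key($input, array_flip(['name']));
    $name = is_string($fields['name'] ?? null) ? $fields['name'] : '';
    return ['name' => $name, 'is_admin' => $is_admin];
}

foreach (['overwrite_default', 'skip_uninitialized',
          'skip_initialized', 'allowlisted'] as $fn) {
    echo $fn, ': ', var_export($fn($request), true), PHP_EOL;
}
```

Comparing the `is_admin` value printed for each function shows which variants let request data reach the state variable.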



