Learning PHP and MySQL
Monday, September 25, 2006
Example 14-4 Not initializing a variable was a hole in sample.php
<?php
if (check_username_and_password()) {
    // they logged in successfully
    $access = TRUE;
}
if ($access) {
    echo "Welcome to the administrative control panel.";
    // more privileged code here…
}
else {
    echo "Access denied";
}
?>
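When register_globals is on, a GET parameter named access is copied into $access before the script runs. Because the script never initializes $access, a value of TRUE supplied that way makes the access check pass even when check_username_and_password() fails. Modify the code to look like this: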
<?php
// predefining the value is good coding practice anyway
$access = FALSE;
if (check_username_and_password()) {
    // they logged in successfully
    $access = TRUE;
}
if ($access) {
    echo "Welcome to the administrative control panel.";
    // more privileged code here…
}
else {
    echo "Access denied";
}
?>
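Because $access is now set to FALSE before the login check, any value supplied in the GET parameter is overwritten and the correct message comes up.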
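The two listings above can be compared on a current PHP version with the following added example, which is not code from the book. It assumes extract() as a stand-in for register_globals (removed in PHP 5.4); login_check_stub, vulnerable_page and fixed_page are hypothetical names.

```php
<?php
// Added example, not from the book. register_globals was removed in PHP 5.4,
// so extract() is used here to emulate it (assumption of this sketch).

// Hypothetical stand-in for check_username_and_password(): always fails, so a
// "granted" result can only come from a request-supplied variable.
function login_check_stub(): bool
{
    return false;
}

// Logic of the first listing: $access is never initialized.
function vulnerable_page(array $request): string
{
    extract($request); // copies each parameter into a variable of that name
    if (login_check_stub()) {
        $access = true;
    }
    // isset() only avoids PHP's undefined-variable warning
    return (isset($access) && $access) ? 'granted' : 'denied';
}

// Logic of the second listing: $access is predefined.
function fixed_page(array $request): string
{
    extract($request);
    $access = false; // overwrites whatever the request injected
    if (login_check_stub()) {
        $access = true;
    }
    return $access ? 'granted' : 'denied';
}

// Constructed request data: an access parameter from a client that never logged in.
$injected = ['access' => 'TRUE'];

foreach (['vulnerable_page', 'fixed_page'] as $page) {
    printf("%-16s without parameter: %s, with access=TRUE: %s\n",
        $page, $page([]), $page($injected));
}
```

The same uninitialized-variable pattern applies wherever request data is passed to extract(), so initializing authorization flags before use remains relevant on PHP versions without register_globals.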
