tag:blogger.com,1999:blog-4011014989794846409.post7613799249391410506..comments2023-08-21T12:46:05.867+02:00Comments on Visual Acuity: A useful shortcut in PHP 5Francis Lacléhttp://www.blogger.com/profile/14179340755953476804noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-4011014989794846409.post-91165516340418311242010-12-10T14:15:26.762+01:002010-12-10T14:15:26.762+01:00Ha Thijs, correct me if I'm wrong but aren'...Ha Thijs, correct me if I'm wrong but aren't these as secure as using standard $_GET variables? The only difference is that here you would get an extra $x variable besides just a $_GET['x']. If I don't have this implemented and I add something like &hack=bla in the URL, then PHP would generate $_GET['hack']=bla. Because I'm not doing anything with $hack or $_GET['hack'] in my own code nothing would happen to it. The only risk is when the value of 'hack' would get injected with another value, which isn't really a risk because sensitive data are either stored in POST or SESSION vars.Francis Lacléhttps://www.blogger.com/profile/14179340755953476804noreply@blogger.comtag:blogger.com,1999:blog-4011014989794846409.post-62569933883485250782010-12-08T01:43:46.074+01:002010-12-08T01:43:46.074+01:00Isn't this unsafe? Reminds me a lot of "r...Isn't this unsafe? Reminds me a lot of "register globals" which becomes deprecated in PHP6 with good reason.Thijs Zumbrinkhttps://www.blogger.com/profile/07747134529043297402noreply@blogger.com