What risks are there in using extracted PHP superglobals?
Posted by Zephiro on Stack Overflow
Published on 2010-05-29T06:00:34Z
Indexed on 2010/05/29 7:52 UTC
Hello, using these functions, what risk do I run of having security problems? Is it necessary to use extract(), or is there a better way to convert the superglobal variables (arrays) into individual variables?
Well, there is some risk in using the extract function on superglobal variables such as $_POST and $_GET; I work in the following way.
Is there a risk of SQL injection, or is there an alternative to extract?
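
    // Undo magic quotes if enabled (the function was removed in PHP 8).
    // stripslashes() only accepts strings, so apply it to each element.
    if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) {
        array_walk_recursive( $_GET, function ( &$v ) { $v = stripslashes( $v ); } );
        array_walk_recursive( $_POST, function ( &$v ) { $v = stripslashes( $v ); } );
    }

    // Return the input as an array: arrays pass through, query strings are parsed.
    function vars_globals( $value = '' ) {
        if ( is_array( $value ) ) {
            $r = &$value;
        } else {
            parse_str( $value, $r );
        }
        return $r;
    }

    $r = vars_globals( $_GET );
    // Import each key as a variable; EXTR_SKIP leaves already-defined variables untouched.
    extract( $r, EXTR_SKIP );
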
© Stack Overflow or respective owner
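
An added example (not part of the original post) contrasting the `extract($r, EXTR_SKIP)` pattern in the question with an explicit allowlist. The request data, the function names `load_with_extract` and `load_with_allowlist`, and the allowlist keys are constructed for illustration.

```php
<?php
// Constructed request data standing in for $_GET (not from the original post).
$request = array(
    'page'     => '2',
    'is_admin' => '1',   // a key the application never asked for
);

// Pattern from the question: EXTR_SKIP only protects variables that are
// already defined at the moment extract() runs.
function load_with_extract(array $input) {
    $page = '1';                    // defined before extract(): value is kept
    extract($input, EXTR_SKIP);
    // $is_admin was not defined yet, so the request value is now a local
    // variable that later code may trust by mistake.
    return array(
        'page'     => $page,
        'is_admin' => isset($is_admin) ? $is_admin : null,
    );
}

// Alternative: copy only the expected keys, validate each one, apply defaults.
function load_with_allowlist(array $input) {
    // Hypothetical allowlist: key => array(filter, default value).
    $spec = array(
        'page' => array(FILTER_VALIDATE_INT, 1),
        'sort' => array(FILTER_DEFAULT, 'date'),
    );
    $clean = array();
    foreach ($spec as $key => $rule) {
        list($filter, $default) = $rule;
        // filter_var() returns false for invalid values and for nested arrays.
        $value = array_key_exists($key, $input)
            ? filter_var($input[$key], $filter)
            : false;
        $clean[$key] = ($value === false) ? $default : $value;
    }
    return $clean;   // unexpected keys such as is_admin never leave $input
}

var_dump(load_with_extract($request));
var_dump(load_with_allowlist($request));
```

Neither approach escapes values for SQL; anything that reaches a query still needs a parameterized statement.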