What risks are there in using extracted PHP superglobals?

Posted by Zephiro on Stack Overflow See other posts from Stack Overflow or by Zephiro
Published on 2010-05-29T06:00:34Z Indexed on 2010/05/29 7:52 UTC
Read the original article Hit count: 308

Filed under:
|

Hola usando estas funciones, que riesgo corro en tener problemas de seguridad, es necesesario usar extract() o hay alguna manera mejor de convertir las variables superglobales (array) en trozos de variables.


Good, there is some risk in using the function extract in the superglobal variables as $_POS and $_GET, I work of the following way.

There is risk of SQL INJECTION or there is an alternative to extract

if ( get_magic_quotes_gpc() ) {
 $_GET = stripslashes( $_GET );
 $_POST =stripslashes( $_POST );
}

  function vars_globals($value = '') {
   if (is_array ( $value ))
        $r = &$value;
    else
        parse_str ( $value, $r );

      return  $r;
   }

   $r = vars_globals( $_GET );

    extract($r, EXTR_SKIP);

© Stack Overflow or respective owner

Related posts about php

Related posts about extract