开发者

Using a foreach loop to get create variables from $_POST security issues?

开发者 https://www.devze.com 2023-04-10 06:07 出处:网络
In the past I have used the follo开发者_如何转开发wing to create variables from a posted form.

In the past I have used the follo开发者_如何转开发wing to create variables from a posted form.

foreach($_POST as $k=>$v)
{
    $$k = $v;
}

What are the security risks associates with using this method?

im trying some test atm. how about this version where it removes anything that is not a letter or number before making the variable?

foreach($_POST as $k=>$v)
{
    $k = preg_replace("/[^[:alnum:]]/","",$k);
    $$k=$v;
}


An attacker can inject a POST variable called _SESSION and by that write data in your session so you can't trust your session anymore.

0

精彩评论

暂无评论...
验证码 换一张
取 消