Strategies for Validating User Input in PHP
We turn now to strategies for validating your users' input.
Secure PHP's Inputs by Turning Off Global Variables
The PHP language itself can be tweaked so as to add a bit of protection to your scripts. You control the behavior of the language (or at least those parts of it that are subject to independent control) by setting directives in
php.ini, PHP's configuration file. In this section, we discuss one of PHP's environment settings that has an important influence on your scripts' vulnerability to user input—
register_globals. The notorious
register_globals directive was turned on by default in early versions of PHP. This was certainly a convenience to programmers, who took advantage of the fact that ...