Magic quotes? Should I still be cautious? - Page 4

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Re: Magic quotes? Should I still be cautious?

On 1/7/2012 12:08 PM, Thomas Mlynarczyk wrote:
Quoted text here. Click to load it

I know what page(s) can legitimately access the page in question.
Operations which change the database can only be accessed via POST
operations, for instance.  Accessing them via GET will not do anything.

But then my pages process the data entered, also.  For instance, if
someone wants to log in, they can access the page via GET, in which case
the page will only be displayed.  When they enter their userid and
password, the form's action directs to the same page as a POST. When the
POST operation comes in (and only then), the userid and password are
validated, and if correct, redirect to the next page via a header() call.

And no, I do NOT want these values to come in via a cookie or a GET request.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Site Timeline