Any PHP developer that may help me here?
#11

Quote:
Originally Posted by Vince
I just want to note that you shouldn't use the superglobals directly because it makes your site very vulnerable to XSS attacks. While real_escape_string may strip some sensitive symbols I reckon it would still be possible to insert arbitrary HTML and/or Javascript code. Have a look at http://php.net/manual/en/function.filter-input.php
So I should use something like:

PHP code:
// Double quotes so the row's ID is interpolated into the parameter name
$user_ID = filter_input(INPUT_GET, "$row[ID]", FILTER_SANITIZE_NUMBER_INT);
for all the variables?

The question is, how do I make those global? I wasn't aware of those possible attacks as I am still learning; all tutorials that I've read taught me to use session variables, and none of them mentioned anything about a safe way to do it.
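The following is an added example, not code from the thread or from either poster, that shows one way of answering the question above: validate the request value once, keep the validated copy in the session so later pages can use it, and escape anything that is echoed back into HTML with htmlspecialchars (real_escape_string only escapes for SQL, not for HTML). It swaps FILTER_VALIDATE_INT for the FILTER_SANITIZE_NUMBER_INT the post mentions, because validation rejects "12<script>" outright instead of quietly turning it into 12. The parameter name "id", the function names, and the arrays standing in for $_GET and $_SESSION are assumptions so the script runs from the command line; on a real page you would call session_start(), read filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT), and write to $_SESSION.

```php
<?php
// Added example (not from the thread): validate an integer ID from the
// request, keep it in the session, and escape it again on output.
declare(strict_types=1);

// Validate rather than sanitise: FILTER_VALIDATE_INT returns false for
// anything that is not a whole number within the allowed range, so the
// caller gets either a trusted int or null, never a partially cleaned string.
function readIntParam(array $source, string $key, int $min = 1): ?int
{
    if (!array_key_exists($key, $source)) {
        return null;
    }
    $value = filter_var($source[$key], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min],
    ]);
    return $value === false ? null : $value;
}

// "Making it global": store only the validated value in the session array
// (assumed to be $_SESSION after session_start() on a real page).
function rememberUserId(array &$session, array $get, string $key = 'id'): bool
{
    $id = readIntParam($get, $key);
    if ($id === null) {
        return false;           // leave any earlier session value untouched
    }
    $session['user_id'] = $id;
    return true;
}

// Every value written into HTML is escaped at output time, whatever its source.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// --- constructed input standing in for $_GET and $_SESSION ---
$session = [];
$goodRequest = ['id' => '42'];
$badRequest  = ['id' => '42<script>alert(1)</script>'];

if (rememberUserId($session, $goodRequest)) {
    echo 'Stored user_id ' . $session['user_id'] . " from the first request\n";
}
if (!rememberUserId($session, $badRequest)) {
    echo "Second request rejected, session still holds " . $session['user_id'] . "\n";
}

// Even a rejected raw value can be shown safely once it goes through h().
echo '<p>Hello user ' . h((string) $session['user_id']) . "</p>\n";
echo '<p>You sent: ' . h($badRequest['id']) . "</p>\n";
```

Run it with php from the command line; the second request never reaches the session, and the echoed raw value comes out as entity-encoded text rather than as a script tag. The split into "validate on input, escape on output" is the part worth keeping: a sanitised integer protects a database query, but only output escaping protects the HTML page.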