19.04.2017, 15:33
Quote:
I just want to note that you shouldn't use the superglobals directly because it makes your site very vulnerable to XSS attacks. While real_escape_string may strip some sensitive symbols, I reckon it would still be possible to insert arbitrary HTML and/or JavaScript code. Have a look at http://php.net/manual/en/function.filter-input.php
PHP code:
$user_ID = filter_input(INPUT_GET, '$row[ID]', FILTER_SANITIZE_NUMBER_INT);
The question is, how do I make those global? I wasn't aware of those possible attacks as I am still learning; all tutorials that I've read were teaching me to use session variables, and none of those mentioned anything about a safe way to do them.
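An added example, not part of the thread: it shows what FILTER_SANITIZE_NUMBER_INT and FILTER_VALIDATE_INT each do to the same input, and why SQL-style escaping does not stop HTML injection while output encoding does. Assumptions: `filter_var` stands in for `filter_input` so the script runs from the CLI, `addslashes` stands in for `real_escape_string` (which needs a live database connection), the parameter name `id` is hypothetical, and all sample values are constructed.

```php
<?php
// Constructed sample values standing in for what a client could send as ?id=...
$samples = ['42', '42abc', '1-2+3', '<script>alert(1)</script>'];

foreach ($samples as $raw) {
    // Sanitizing keeps digits, '+' and '-' and silently drops everything else,
    // so malformed input is turned into *some* string instead of being rejected.
    $sanitized = filter_var($raw, FILTER_SANITIZE_NUMBER_INT);

    // Validating returns an int on success and false otherwise,
    // which lets the caller reject the request outright.
    $validated = filter_var($raw, FILTER_VALIDATE_INT);

    printf(
        "%-30s sanitized=%-10s validated=%s\n",
        var_export($raw, true),
        var_export($sanitized, true),
        var_export($validated, true)
    );
}

// In a real request handler the equivalent call would be (hypothetical name 'id'):
//   $userId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
//   if ($userId === null || $userId === false) { http_response_code(400); exit; }

// Constructed free-text value, e.g. a display name submitted by a user.
$name = '<script>alert(1)</script>';

// Stand-in for real_escape_string: it escapes quotes and backslashes for SQL
// string literals and leaves '<' and '>' untouched.
$sqlEscaped = addslashes($name);

// Output encoding for an HTML context: markup characters become entities.
$htmlEncoded = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');

echo "SQL-escaped : ", $sqlEscaped, "\n";
echo "HTML-encoded: ", $htmlEncoded, "\n";
echo "SQL escaping changed the markup: ",
    var_export($sqlEscaped !== $name, true), "\n";
```

SQL escaping belongs at the database boundary (or is replaced by prepared statements), and `htmlspecialchars` belongs at the point where a value is written into HTML; neither substitutes for the other.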