This six-minute video explores the security issues and differences between the superglobals $_GET, $_POST, and $_REQUEST, as well as the problematic register_globals option.

Click To Play

Links for PHP Day 10: Security Issues with Superglobals and register_globals

Security issues and differences between superglobals $_GET, $_POST, and $_REQUEST:

• PHP Get – Overview of the $_GET superglobal array.
• PHP Post – Overview of the $_POST superglobal array.
• Essential PHP Security Chapter 2 – Forms and URLS (PDF file) – A free sample chapter from the book Essential PHP Security by Chris Shiflett. I didn’t understand all of it, but it has some great explanations and examples of several exploits.

About register_globals:

• Programming: PHP: Register Globals – A short overview of the problem with register_globals.
• PHP: Using Register Globals – More details from the security section of the PHP manual.

Turning off register_globals:

• Using a php.ini File – A good, basic overview.
• .htaccess Tutorial – General info on the .htaccess file.
• To turn off register_globals through the .htaccess file, just write “php_flag register_globals off” in it.

Originally I planned to cover PHP security in one video, but then I ended up spending half my day yesterday just reading about PHP security issues! Needless to say, I’ll be revisiting this topic.