[nycphp-talk] Dynamically write functions
Dan Cech
dcech at phpwerx.net
Fri May 13 12:34:32 EDT 2005
Frank,
Another thought about using extract($GLOBALS) is that all of the
'superglobals' ($_SESSION,$_REQUEST,$_POST,etc) are entries in the
$GLOBALS array, so just using that by itself would probably introduce
'interesting' behaviours.
Dan
Frank Wong wrote:
>> Just be careful when using extract() as it is one of those functions you
>> look for when checking for exploitable code. ;) For example, I have
>> seen nasty stuff like extract($_POST) which is register_globals all over
>> again.
>
> Thanks for the heads up on extract. But do you see any security issues
> with extract($_GLOBALS)?
More information about the talk
mailing list