PHP $_SERVER variables are not safe for use in forms, link << Mark on WordPress

I found this on my WordPress news thang when I logged in today. Another WordPress user decided to write this article so that other developers would know that $_SERVER variable is NOT safe.

Even though Mark just talks about forms I would recommend you never use a $_SERVER variable, there are better and more secure ways to gain server information. It is so important that developers who do not know this understand that $_SERVER variable are NOT fine within your pages and you should always seek a workaround.

The server variable is not safe raw however certain variables can be used in your code (such as REMOTE_ADDR etc). But I stand by what I said like 2 years ago, that PHP_SELF is “evil”.

Who’s the stupid one now? 😛


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s