Quote:
Originally posted by SicChild
It allows people to set malicious variables. For instance, if you have a login script that checks cookies to see if you're logged in then does: if($logged_in hahahaha 1) { do stuff; }, then someone could just go like http://mydomain.com/mypage.php?logged_in=1
|
Then you get a cookie editor and set the cookie you need to have for logged_in=1 ... that easy...
register globals or not, if the programmer is not good enought you get hacked.