What is the best way to prevent users spoofing internal values in a PHP application by passing said variables in the URL?

In: PHP

[Edit]

Answer

You will want to set Register Globals to OFF
This can be done through the php.ini file, or if you do not own the server through a .htaccess file.

In the htaccess file put:
php_value register_globals 0

If you want the functionality of register globals without the security holes, then if you are reading values from sessions or cookies, use the Superglobal reference i.e.:
$_SESSION['username']
$_COOKIE['grant_access']

First answer by ID407871306. Last edit by ID407871306. Question popularity: 18 [recommend question]

Research your answer:

Can you answer other questions about php computer programming?

Answers.com > Wiki Answers > Categories > Technology > Computers > Computer Programming > PHP > What is the best way to prevent users spoofing internal values in a PHP application by passing said variables in the URL?

Our contributors said this page should be displayed for the questions below. (Where do these come from

)

If any of these are not a genuine rephrasing of the question, please help out and edit these alternates.

Wat is spoofing? What is web spoofing? What is url spoofing? How do you prevent php injection? What does this mean Application URL must be at most 16 characters in length?