
PHP Securely transform $_GET / $_POST array

I was checking my script for vulnerabilities and was shocked at the way I used to do it in the past, which is extremely insecure:

    foreach ($_GET as $key => $value) {
        $$key = $value;
    }

or shorter:

    extract($_GET);

I altered some POST/GET variables with Firebug to match a name I used in my script. They can be overwritten if the name is guessed correctly. So I thought I had to do it individually, naming them like this:

    $allowed_vars = array("time", "hotfile", "netload", "megaupload", "user", "pfda", "xyz", "sara", "amount_needed");
    foreach ($_GET as $key => $value) {
        if (in_array($key, $allowed_vars)) {
            $$key = $value;
        }
    }

This way saves some time compared to naming them individually. What kind of automation has to be used for this?
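The variable-overwrite problem and the allowlist fix, as an added example that is not part of the original post. It uses a constructed stand-in for $_GET with hypothetical parameter names and a hypothetical filterRequest() helper; the second safeguard, extract() with EXTR_SKIP, is a standard PHP flag.

```php
<?php
// Added example, not from the original post: a constructed request
// array showing how extract($_GET) overwrites script variables, and an
// allowlist helper (hypothetical name) that does not.

// A variable the script relies on. Anyone who guesses the name can
// overwrite it when the whole request array is extracted.
$is_admin = false;

// Constructed stand-in for $_GET (hypothetical parameter names).
$request = [
    'time'     => '1700000000',
    'amount'   => '5',
    'is_admin' => '1',      // not a parameter the script expects
];

// Insecure pattern from the post: every request key becomes a variable.
extract($request);
var_dump($is_admin);       // string(1) "1" -- overwritten by the request

// Reset and apply an allowlist instead.
$is_admin = false;
$allowed_vars = ['time', 'amount'];

/**
 * Return only the request entries whose keys appear in the allowlist.
 * array_intersect_key keeps entries of $input whose keys exist in the
 * second array, so unknown keys such as is_admin are dropped.
 */
function filterRequest(array $input, array $allowed): array
{
    return array_intersect_key($input, array_flip($allowed));
}

$clean = filterRequest($request, $allowed_vars);

// EXTR_SKIP refuses to overwrite variables that already exist, a second
// safeguard in case the allowlist ever contains a sensitive name.
extract($clean, EXTR_SKIP);

var_dump($is_admin);       // bool(false) -- untouched
var_dump($time, $amount);  // string(10) "1700000000", string(1) "5"
```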