Using $_Server for contact

#1

Strider64 mentioned this in a previous post of mine -

‘First I would get away from using $_SERVER for that is going to cause you security issues down the road.’

My question is why? If I am implementing htmlspecialchars for the inputs + other filtering methods, can this still be exploited?

Can you elaborate?

#2

Well, $_SERVER is a special array which is called a SUPERGLOBAL. It’s not really supposed to be used for general use. It is used to acquire settings in the server system.

Here is a link that talks about a couple exploits that can occur…

https://markjaquith.wordpress.com/2009/09/21/php-server-vars-not-safe-in-forms-or-links/

There are many others, but, here is just one more that talks about it.

http://www.mc2design.com/blog/article/serverphp_self-can-not-be-trusted-but-there-are-safe-alternatives

Everything is safe if you prepare for it. But, some PHP arrays are for special uses only. Not sure if this really answers you or not, but, gives you some viewpoints of others. Hope it helps a little…

PS: you can always private-message Strider64 and ask him for more complete info…
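
An added example, not code from this thread or from the linked articles: the `$_SERVER['PHP_SELF']` case named in the link titles above, showing that escaping only the form inputs does not cover a `$_SERVER` value that is echoed into the page. The function names, the `/contact.php` path and the sample value are assumptions made up for the illustration.

```php
<?php
declare(strict_types=1);

// Added example; function names and /contact.php are hypothetical.
// $_SERVER['PHP_SELF'] includes any extra path the client appends to the
// script URL, so it is request data just like $_POST.

/** Weak: client-influenced path written straight into an attribute. */
function formActionRaw(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

/** Hardened: escape for the HTML attribute context when the value is output. */
function formActionEscaped(array $server): string
{
    $self = htmlspecialchars(
        (string) ($server['PHP_SELF'] ?? ''),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<form method="post" action="' . $self . '">';
}

/** Simplest: a fixed action that uses no request data at all. */
function formActionFixed(): string
{
    return '<form method="post" action="/contact.php">';
}

// Constructed sample: what PHP_SELF holds when the request path carries
// extra characters after the script name (harmless <b> markup used here).
$sample = ['PHP_SELF' => '/contact.php/"><b>injected</b>'];

echo formActionRaw($sample), PHP_EOL;      // attribute is closed early, markup leaks into the page
echo formActionEscaped($sample), PHP_EOL;  // whole value stays inside action="..."
echo formActionFixed(), PHP_EOL;
```

Run it with `php` on the command line and compare the first two lines of output: only the escaped version keeps the appended characters inside the `action` attribute.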

#3

I have learned a lot from you about this.

#4

Well, hope the info I posted helped you. Did you have any further questions on using the server array for general uses? If not let us know so we can mark this thread solved…

If you have further questions ask them… that is what we are here for…

PS: I never use that server array unless I am pulling special info from the server…

#5

Ernie, you got played by a bot…

#6

LOL…