
Item 547230

Which of the following superglobals can be expected to contain compromised data? Check all that apply:

A: $_POST
B: $_SESSION
C: $_REQUEST
D: $_SERVER
E: $_GET

Answer

Of course $_POST, $_GET and $_REQUEST (and $_COOKIE) can be expected to contain just about anything that you do not expect. As a developer you know how easy it is to manipulate a query string or to post data to some Web application, so treat this data with proper caution, always.

The name $_SERVER suggests that it holds only server data, but that's not true. It contains lots of client data that could have been compromised. Just do a var_dump($_SERVER) to see for yourself. This is also true for the lesser-known $_ENV superglobal, which can contain the values of CGI variables, for instance.

$_SESSION is the only superglobal that you can trust because that one only contains data that you put in there yourself.
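
To make the point about $_SERVER concrete, here is an added example (not part of the original quiz) that splits a $_SERVER-shaped array into entries the client can influence and entries the web server sets, then handles two of the client values defensively. The function names, the key list (illustrative, not exhaustive), the allowlisted host and the sample array are assumptions constructed for this example.

```php
<?php
// Keys outside the HTTP_* family that are still derived from the request.
// Illustrative list, not exhaustive.
const CLIENT_INFLUENCED_KEYS = [
    'QUERY_STRING', 'REQUEST_URI', 'REQUEST_METHOD', 'PATH_INFO', 'PHP_SELF',
    'CONTENT_TYPE', 'CONTENT_LENGTH', 'PHP_AUTH_USER', 'PHP_AUTH_PW',
];

function classifyServerKeys(array $server): array
{
    $result = ['client' => [], 'server' => []];
    foreach ($server as $key => $value) {
        $key = (string) $key;
        // Every request header is exposed as HTTP_<NAME>, e.g. HTTP_USER_AGENT.
        $fromClient = strncmp($key, 'HTTP_', 5) === 0
            || in_array($key, CLIENT_INFLUENCED_KEYS, true);
        $result[$fromClient ? 'client' : 'server'][$key] = $value;
    }
    return $result;
}

// Accept the Host header only if it is on an allowlist; otherwise use a fixed name.
function trustedHost(array $server, array $allowed, string $fallback): string
{
    $host = strtolower((string) ($server['HTTP_HOST'] ?? ''));
    return in_array($host, $allowed, true) ? $host : $fallback;
}

// Constructed sample, shaped like a var_dump($_SERVER) of a tampered request.
$sample = [
    'HTTP_HOST'       => 'unexpected.example',
    'HTTP_USER_AGENT' => '"><em>not a browser</em>',
    'PHP_SELF'        => '/index.php/"><em>injected</em>',
    'QUERY_STRING'    => 'id=1',
    'REMOTE_ADDR'     => '203.0.113.7',
    'DOCUMENT_ROOT'   => '/var/www/html',
    'SERVER_SOFTWARE' => 'Apache',
];

$split = classifyServerKeys($sample);
echo 'Client-influenced: ', implode(', ', array_keys($split['client'])), PHP_EOL;
echo 'Set by server:     ', implode(', ', array_keys($split['server'])), PHP_EOL;

// Escape client-derived values on output; never build links from a raw Host header.
echo htmlspecialchars($sample['PHP_SELF'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
echo trustedHost($sample, ['www.example.com'], 'www.example.com'), PHP_EOL;
```

Running it lists HTTP_HOST, HTTP_USER_AGENT, PHP_SELF and QUERY_STRING as client-influenced, prints the PHP_SELF value with its markup escaped, and falls back to www.example.com because the supplied host is not on the allowlist.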