$info['featured'] ????

jasondavis

Ok Im really confused I have a script that does this

$sql="select * from friend_reg_user where email='$login_name' and password='$pswd' and status='Active'";
$result=executeQuery($sql);


if($line=mysql_fetch_array($result)){
	@extract($line);
	$info['auto_id']  =   $auto_id;
	$info['email'] 	 =	$email;
	$info['fname']	  =	$fname;
}

then on another page I am able to use

$info[auto_id]

I guess I can't figure out, why does this value work on another page?

jasondavis

in 1 of the included files there is also this could it have something to do with it?

@extract($_ENV);
@extract($_SESSION);
@extract(ms_addslashes($_GET));
@extract(ms_addslashes($_POST));
@extract($_FILES);
@extract($_COOKIE);
@extract($_SERVER);

NogDog

My guess would be that the $info array is saved to the $_SESSION array.

PS: All that extract() stuff looks pretty hazardous. Imagine a situation where you look for a value called 'username' in the $SESSION variable to see if the user has logged in. If the script is doing that by looking at the variable $username extracted from $SESSION, but a malicious user sends a query string variable or a cookie named 'username' with some reasonable value, it would overwrite the variable extracted from $_SESSION, and voilà, he's now logged in. And even if no one is trying to hack the site, all those extracts could still potentially have one inadvertently overwrite another one, or clash with any other variables you use without initializing them after the extracts.