$ GET variables


Frank_Rizzo - 9:05 pm on Dec 8, 2010 (gmt 0)


Sounds like you have register_globals on in PHP. This would convert all GETs to the corresponding var name.

It's a big security risk. You should turn register_globals off and code the vars from $_GET.

Note that it is also unwise to directly use data from $_GET without sanitising it. The following would be more secure:


<?php
$search   = '';
$fordom   = 'abc'; // default fordom or blank
$category = 'xyz'; // default category or blank

// Read each value explicitly from $_GET, run it through the sanitising filter and cap its length.
// Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; on current PHP use
// FILTER_SANITIZE_SPECIAL_CHARS or a whitelist check (e.g. preg_match) instead.
if (isset($_GET['search']))   $search   = substr(filter_var($_GET['search'],   FILTER_SANITIZE_STRING), 0, 25);
if (isset($_GET['fordom']))   $fordom   = substr(filter_var($_GET['fordom'],   FILTER_SANITIZE_STRING), 0, 5);
if (isset($_GET['category'])) $category = substr(filter_var($_GET['category'], FILTER_SANITIZE_STRING), 0, 5);

This will limit the size of data which can be entered and sanitize the string to prevent some exploits.

[php.net...]
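An added example, written for this page and not part of Frank_Rizzo's post, that shows the two halves of the advice above side by side: first, why register_globals is a risk (an emulation of it turning `?is_admin=1` into a trusted `$is_admin` variable), then the explicit `$_GET` read with defaults, length limits and a whitelist pattern, with the values used only through a prepared statement so that sanitising is not the only thing standing between the query string and MySQL. The parameter names, the `products` table and its columns, the patterns and the sample query string are all assumptions constructed for the demo; it runs from the command line because it fills `$_GET` itself when no web request is present.

```php
<?php
declare(strict_types=1);

// Constructed sample request (assumption for this demo): an over-long value with
// SQL in it, an array-valued key (?fordom[]=...), a too-long category and a
// parameter the application never expected the client to supply.
if (PHP_SAPI === 'cli') {
    $_GET = [
        'search'   => "widgets'; DROP TABLE users; -- " . str_repeat('A', 100),
        'fordom'   => ['not', 'a', 'string'],
        'category' => 'abcdef',
        'is_admin' => '1',
    ];
}

/**
 * Emulates what register_globals did: every $_GET key becomes a PHP variable.
 * The classic bug is a flag that is only assigned on the success path, so the
 * client simply supplies it in the URL. Never do this in real code.
 */
function emulate_register_globals(array $get): bool
{
    extract($get, EXTR_OVERWRITE);   // $is_admin now exists because the client sent it
    if (!isset($is_admin)) {
        $is_admin = false;           // only reached when the client did NOT send it
    }
    return (bool) $is_admin;
}

/**
 * Reads one string parameter explicitly from $_GET. Anything unexpected
 * (missing, array-valued, over the length cap, outside the whitelist pattern,
 * invalid UTF-8) yields the default rather than a truncated version of the input.
 */
function get_param(array $get, string $key, string $default, int $maxLen, string $pattern): string
{
    if (!isset($get[$key]) || !is_string($get[$key])) {
        return $default;
    }
    $value = $get[$key];
    if (strlen($value) > $maxLen || preg_match($pattern, $value) !== 1) {
        return $default;
    }
    return $value;
}

/** Same three parameters and defaults as the post, with whitelist patterns (assumed). */
function read_search_params(array $get): array
{
    return [
        'search'   => get_param($get, 'search',   '',    25, '/\A[\p{L}\p{N} \'._-]*\z/u'),
        'fordom'   => get_param($get, 'fordom',   'abc', 5,  '/\A[a-z]{1,5}\z/'),
        'category' => get_param($get, 'category', 'xyz', 5,  '/\A[a-z]{1,5}\z/'),
    ];
}

/**
 * The only place the values touch SQL: a prepared statement with bound
 * parameters, so validated-or-not, nothing is ever interpolated into the query.
 * LIKE metacharacters in the search term are escaped so a client cannot widen
 * the match with % or _. Table and column names are assumptions.
 */
function run_search(PDO $db, array $p): array
{
    $stmt = $db->prepare(
        'SELECT id, title FROM products
          WHERE fordom = :fordom AND category = :category
            AND title LIKE :search ESCAPE \'\\\''
    );
    $stmt->bindValue(':fordom',   $p['fordom']);
    $stmt->bindValue(':category', $p['category']);
    $stmt->bindValue(':search',   '%' . addcslashes($p['search'], '%_\\') . '%');
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demonstration on the constructed request.
var_dump(emulate_register_globals($_GET));
$params = read_search_params($_GET);
print_r($params);

// Uses an in-memory SQLite database (assumption) so the query path runs without MySQL.
if (extension_loaded('pdo_sqlite')) {
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT, fordom TEXT, category TEXT)');
    $db->exec("INSERT INTO products (title, fordom, category) VALUES ('Widget', 'abc', 'xyz')");
    print_r(run_search($db, $params));
}
```

Run it with `php example.php`. The emulated register_globals path reports the client as admin purely because `is_admin=1` was in the query string, which is the risk the post warns about; the explicit `$_GET` read rejects all three constructed values and falls back to the defaults, and the search then runs as a parameterised query. Rejecting rather than truncating is a deliberate difference from the post's `substr` approach: a silently truncated value can still be well-formed garbage, whereas a rejected one leaves you with a known-good default.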


Thread source: http://www.webmasterworld.com/databases_sql_mysql/4240144.htm
Brought to you by WebmasterWorld: http://www.webmasterworld.com