There is understandably a lot of emphasis on sanitizing user input handed off to PHP on a Web Server and numerous opinions on doing it.
Can someone please confirm there is no security problems with the following PHP code which may compromise the server through an exploit:
if($_SERVER['QUERY_STRING'] == "kjg68KGH$88@kjhik8768"){
$_SERVER['QUERY_STRING']=NULL;
do stuff
} else {
$_SERVER['QUERY_STRING']=NULL;
do other stuff
}
or
if($_POST['the-var'] == "kjg68KGH$88@kjhik8768"){
$_POST=[];
do stuff
} else {
$_POST=[];
do other stuff
}
If there is ( I do not see how there could be) then why? Thankyou.
