Security - Variable injection - 1
The issue: Unintialized variables can lead for unexpected code segments to be executed.
]]>
The solution: Initialize your variables
Never trust ANY user input.
Common XSS example: This request will open an JavaScript alert window with text "XSS".
">
Request: http://example.com/tests/simple.php/%22%3E%3Cscript%3Ealert('xss')%3C/script%3E%3Cfoo
]]>
Variables containing user input: $_POST, $_GET, $_REQUEST, $_COOKIE, $_SERVER, ($_ENV)