Here's something pretty good I just found:

A few years ago, my wife and I decided to go on a skiing trip up north.
To reserve skiing equipment, you had to give 24 hours advance notice
using the ski lodge's on-line website. The catch was that my wife had
asked me to make the reservations 23 hours before the deadline.

So I got to thinking, and examined the online website, which would not
let you make any reservations within the 24 hour timeframe. However,
once you selected an appropriate date, I noticed that the URL was:

[url]https://www.somewhere.com/reservations.php?date=01-23-01[/url]

It occurred to me that, while they had locked down security on what
dates I could choose from, the final value was placed into a GET
statement at the end of the web address. I modified the web address to
use "date=01-22-01" and indeed, our skies were waiting for us first
thing the next morning (we paid for them, of course).

This innocent yet practical example is just one of the dangers we have
to be aware of when using any programming language that can be used in
ways that we did not intend, which leads us into our discussion on PHP
Superglobals.

this was found on:
[url]http://hr.uoregon.edu/davidrl/lamp/php.html#PHPSUPERGLOBALS[/url]

-Michael
--
Pratt Museum IT Intern
All programmers are playwrights and all computers are lousy actors.