Jason Wong wrote: > With register_globals enabled, the problem is not with the $_POST, $_GET > etc variables (although yes you should always validate data when they come > from untrusted sources). The problem is that malicious users can pollute > your namespace and if you do not initialise variables properly before > using them your application can be compromised. As I mentioned, I always initialise variables. I'm no programmer, but it just makes sense to me that if a variable exists, it should have some sort of default value. -- @+ Steve -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
