Sebastian wrote:
> if the script isn't that big you can probably use extract() in most
> cases..
NOTE: Using extract() blindly import all the variables in
$_GET/$_POST/$_REQUEST is no more safe than register_globals being "ON"
Don't get a false sense of "Security"
Also, it would be rather tricky for ini_set to change register_globals...
I mean, by the time you execute that line of PHP code, it's already TOO
LATE and the variables have already been defined.
What would one expect PHP to do in this case:
<?php
$a = 5;
ini_set('register_globals', 'off');
?>
So if I surf to http://example.com/index.php?a=4
would you expect the above code to:
A) Leave $a at 5
B) Leave $a 'unset'
C) Generate an error
D) Leave $a at 4
Okay, D) isn't even a reasonable answer, but, really, none of the others
are either.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
