Hello Jason,
Thursday, April 28, 2005, 4:23:43 PM, you wrote:
JB> Indeed... and replace ?a=22 with ?first=22 in my message as well. JB> :-/
Heh.. ok :)
No worries, demonstrated to me that RegGlobs aren't quite as destructive as popular myth would lead you to believe (not that it'll make me start using them mind you)
Best regards,
Richard Davey
You're right. The truth is that you *can* code securely with register_globals on, but it is more difficult than having it turned off. AFAIK the main problem with it is that if you forget to initialize your global variables for something (which might include some $user_auth type variable) then users can easily send bogus information. And even with this the order in which global variables get initialized can affect register_globals. So instead we just scare all of the new PHP coders by telling them about the RegGlobs boogie man.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php