bruce wrote:
hi chris... for the initial post, it does/did matter for register_globals to be on/off. in your reply, you use a $_GET[..] for the $path var. in the initial post that i saw, (which i replied to), the $path var was simply used, without the $_GET[..]. it's my understanding (recollection) that if the register_globals is on, then php will automatically generate and fill vars based on the query var. whereas, if the register_globals is off, the app has to specifically 'assign' the var via the $GET/$POST... feel free to correct if something was/is missed. other than that, what you have stated is completely correct as i understand php to work.
Fair enough. My point was it's not *just* a register-globals problem, rather it can also be a simple "trusting" issue (ie you're trusting the user data rather than checking it).
-- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php