Sancar Saran schreef:
On Wednesday 16 January 2008 15:33:04 Jochem Maas wrote:
tbt schreef:
Hi,
I'm a newbie to php and i would like to set register_globals to 'on' from
my php script itself(eg:- index.php). Is there any way of doing this.
you think you would like that. but you are wrong. register_globals is a
security risk in the hands of someone who doesn't know exactly what they
are doing.
besides which register_globals is depreciated. also you can search the
list archives for lots of posts that explain why register_globals is evil.
learn how to write your script without using register_globals - ask here if
you get stuck (but don't forget the manual!).
Thanks
Hell frezezer over.
odd verb. but I get the message. indeed it's seem it hath freezeth nicely.
Me thinks regsiter_globals are evil too.
And what about this
session_start();
$_SESSION['refString'] = $_GET['refNo'];
what about it?
1. you mean the fact that the GET val is not sanitized?
2. or the oddness of 'refNo' becoming 'refString' (is it a string, a number, superman)?
3. or the direct use of $_SESSION and the lack of specific session cookie settings?
1. is evil, 2. is odd and 3. is a change recommendation ... if you ask me.
Sancar
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
