Sancar Saran wrote:
Hello
Hell frezezer over.
odd verb. but I get the message. indeed it's seem it hath freezeth nicely.
Me thinks register_globals are evil too.
And what about this
session_start();
$_SESSION['refString'] = $_GET['refNo'];
what about it?
1. you mean the fact that the GET val is not sanitized?
2. or the oddness of 'refNo' becoming 'refString' (is it a string, a
number, superman)?
3. or the direct use of $_SESSION and the lack of
specific session cookie settings?
1. is evil, 2. is odd and 3. is a change recommendation ... if you ask me.
1. 2.
Original Code
<?php
session_start();
session_register("refString");
$refString = $_GET['refNo'];
?>
3. Could you explain a bit or redirect me to a document about this?
the original code is rubbish. $_SESSION should be used and session_register()
should not. in that sense your translation of the code was an improvement.
the only really bad thing is the lack of input sanitation in $_GET['refNo'].
using session_register() is deprecated.
Sancar
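
Added example, not part of the original thread: the snippet discussed above with the three points addressed (validated input, one consistent name, explicit session cookie settings). The digits-only format for refNo, the helper names validated_ref_no() and start_session(), and the chosen cookie values are assumptions; the thread does not say what refNo contains.

```php
<?php
declare(strict_types=1);

// Assumption: a reference number is 1-10 decimal digits. The thread never
// says what refNo holds, so adjust the pattern to the real format.
// \A and \z anchor the whole string, so a trailing newline is rejected too.
const REF_NO_PATTERN = '/\A[0-9]{1,10}\z/';

/** Return the validated reference number, or null if missing or malformed. */
function validated_ref_no(array $query): ?string
{
    $raw = $query['refNo'] ?? null;
    // Reject arrays (?refNo[]=x) and anything outside the allow-list pattern.
    if (!is_string($raw) || preg_match(REF_NO_PATTERN, $raw) !== 1) {
        return null;
    }
    return $raw;
}

/** Start the session with explicit cookie settings, not the php.ini defaults. */
function start_session(): void
{
    ini_set('session.use_strict_mode', '1');  // refuse IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
    session_set_cookie_params([               // array form needs PHP >= 7.3
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

start_session();
$refNo = validated_ref_no($_GET);
if ($refNo === null) {
    http_response_code(400);
    exit('Invalid reference number');
}
// One name for one value, stored via $_SESSION; no session_register().
$_SESSION['refNo'] = $refNo;
```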