> > Seak, Teng-Fong wrote:
> > No, I don't deserve anything because, as I've written in the
> > original post (but I suppose you didn't notice), the website is
> > outsourced and made by a 3rd company.

Then you should be having this conversation with the 3rd party. They need to validate *EVERY* bit of data that comes into the script from outside. This includes items passed on the URL, POSTed items, uploaded files, etc. You CANNOT TRUST that your URL has not been tampered with, regardless of the scripting language you use (ASP, PHP, JSP, etc.).

If they do not validate the inputted data, they have problems like you have seen.

Relying on register_globals is taboo. Any competent PHP programmer knows that, and likely has known it for a long time.

> I know ASP and JSP, but not PHP. I've not got much time to invest
> into this.

Sounds like you need a good consultant. My rates are reasonable. ;-)

JM

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
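
An added illustration, not part of the original post or of the site under discussion: why relying on register_globals is unsafe, next to explicit validation of URL parameters. register_globals was removed in PHP 5.4, so extract() stands in for it here; the function names, the page allow-list and the sample request are all constructed for the example.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list of pages the script will serve.
const ALLOWED_PAGES = ['home', 'news', 'contact'];

// Legacy pattern: extract() emulates register_globals, so every request
// key becomes a variable and $is_admin is whatever the URL says it is.
function legacy_is_admin(array $request): bool
{
    extract($request);
    return !empty($is_admin); // never initialised by the script itself
}

// Hardened: privilege comes only from server-side session state.
function is_admin(array $session): bool
{
    return ($session['role'] ?? '') === 'admin';
}

// Validate each URL parameter explicitly; returns [clean values, rejected keys].
function validate_query(array $get): array
{
    $clean = [];
    $rejected = [];
    $page = $get['page'] ?? 'home';
    if (is_string($page) && in_array($page, ALLOWED_PAGES, true)) {
        $clean['page'] = $page;
    } else {
        $rejected[] = 'page';
    }
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000000]]);
    if ($id === false) {
        $rejected[] = 'id';
    } else {
        $clean['id'] = $id;
    }
    return [$clean, $rejected];
}

// Constructed sample input: a tampered URL and an ordinary user's session.
$get = ['page' => 'no-such-page', 'id' => '42abc', 'is_admin' => '1'];
$session = ['role' => 'user'];

var_dump(legacy_is_admin($get)); // outcome decided by the request
var_dump(is_admin($session));    // outcome decided by the server
print_r(validate_query($get));
```

The same explicit read-then-validate step applies to POSTed fields and to uploaded files, which need their own checks on upload error code, size and type.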