[snip]
> All these responses and nobody has said anything about
> register_globals?

heh, I guess you're right. Feel free to elaborate on what you mean for those of us that don't know what's up with register_globals.
[/snip]

Well it's all at http://www.php.net/register_globals for anyone that wants any in-depth information about register_globals. But basically, if you write your code improperly it can lead to security holes in your web app. There are some good examples on the PHP website.

But register_globals will just enable or disable someone passing a variable directly to your script. For example, someone could just send a variable to your script to get around a poorly coded authentication algorithm. E.g.,

http://your-host.com/login.php?authorized=true

With register_globals turned off, it is not really possible for someone to pass variables to your script without you allowing it. You HAVE to specify which variables are going to be passed from a form etc.

If you code properly, you could get away with turning register_globals on, but this requires you to be very careful when thinking about the logic of your code.

Hope this helps.

- Andre

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
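
The pattern described in the post, as an added example that is not part of the original message: an authentication check that never initialises `$authorized`, next to the same check written so that it stays safe with register_globals on. The function names and the sample credentials are hypothetical, and `extract()` stands in for `register_globals = On`, since the directive was removed in PHP 5.4.

```php
<?php
// Constructed sample: the query string from the URL in the post
// (login.php?authorized=true), parsed the way PHP fills $_GET.
parse_str('authorized=true', $request);

// Hypothetical credential check with constructed sample values. It fails
// for the request above, which carries no user name or password.
function check_credentials(array $req): bool
{
    return isset($req['user'], $req['pass'])
        && is_string($req['pass'])
        && $req['user'] === 'sample-user'
        && hash_equals('constructed-sample-password', $req['pass']);
}

// Poorly coded check: $authorized is assigned only on success, so any
// value already present in the variable survives to the final test.
function login_careless(array $req, bool $registerGlobals): bool
{
    if ($registerGlobals) {
        extract($req); // emulation: each request parameter becomes a variable
    }
    if (check_credentials($req)) {
        $authorized = true;
    }
    return !empty($authorized);
}

// Careful version: the flag is initialised after any request-supplied
// variables exist, so the result depends on check_credentials() alone.
function login_careful(array $req, bool $registerGlobals): bool
{
    if ($registerGlobals) {
        extract($req); // same emulation as above
    }
    $authorized = false;
    if (check_credentials($req)) {
        $authorized = true;
    }
    return $authorized;
}

// Compare the three cases for the same constructed request.
echo 'careless, register_globals on:  ';
var_dump(login_careless($request, true));
echo 'careless, register_globals off: ';
var_dump(login_careless($request, false));
echo 'careful,  register_globals on:  ';
var_dump(login_careful($request, true));
```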