It would seem form the ini_set() comments that the answer to both is yet:According the safe-mode page http://us4.php.net/features.safe-mode in http.conf : <Directory /docroot> php_admin_value open_basedir /docroot # In your case safe_mode_include_dir </Directory>
Can "php_admin_value" be inlcuding in the *.php pages and/or .htaccess.
manual > ini_set()
--------- There is another possibility by changing PHP Settings!
If your Webspace is able to handle ".htaccess" files, you're able to change PHP_INI Settings through this file!
To disable register_globals you have to set: php_value register_globals 0
If you wanna set other settings, feel free, because there is no problem!
These Settings are set before running the script, e.g. the results of register_globals, when setting a parameter in the URL like 'foo.php?foo=stuff', is not present, $foo is unset.
----
If itīs not your server and therefore you want to hide the data in your session variables from other users, itīs very useful to set the session.save_handler in your scripts to shared memory with:
"ini_set('session.save_handler','mm')".
Remember: You have to set it in every script that uses the session variables BEFORE "session_start()" or php wonīt find them.
David
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
