--- GH <[EMAIL PROTECTED]> wrote: > Brian: > > What way should you not reference session variables? I seem to have > missed that part of the discussion... Sorry.
I think he meant to be wary of register_globals and thinking you're referencing a session variable when you use $foo rather than $_SESSION['foo']. With register_globals enabled, you can't be sure of the data's origin. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004 http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
