Peter Lauri wrote: > Security? > > Have you called session_start(); ???
Yeah - as I mentioned in the original post, all my pages start with that. I'm a little PO'd about the change to register_globals on. Alas, trying to switch it off in an .htaccess file causes a 500 error. That said, I never use variables passed by $_POST or $_GET without validating and all variables on the page are always initialised so I'm hoping the security exposure is minimal. -- @+ Steve -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
