>I use it in front of variables (never tried it on $GLOBALS, etc though)
>
>eg: (using register_globals = on thingo - hey don't blame me, it's the
>tech guys who have it on, and there's too much legacy code to turn it off :(
>- anyway)
>
><?
>   if (@$var) { echo "Yep, var is there"; } else { echo "nope"; }
>?>

The risk is in hackers using an un-initialized $var to pass in their own data. If you've *correctly* programmed and caught *every* single case where that might happen, by using isset() or even something like the above, only doing something more useful, you're almost-for-sure okay.

register_globals off just annoys me since I *always* initialize variables, and there's no point to me re-writing the tons of scripts for it, but that's life. That said, the sheer number of non-programmers writing PHP made register_globals on a Bad Idea (tm) really... I guess even some good programmers could occasionally miss a variable initialization, though I never do :-)

--
Like Music? http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
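
The uninitialized-variable risk discussed in the reply above, shown as an added example that is not part of the original thread. It emulates register_globals = on with extract() (the directive was removed in PHP 5.4); the function names, the `is_admin` flag, the secret and the `$request` array are constructed for illustration.

```php
<?php
// Added example. $request is constructed sample input standing in for $_GET.

function legacy_page(array $request): string
{
    // What register_globals = on did: every request parameter becomes a variable.
    extract($request);

    // $is_admin is only assigned on the success path and never initialized.
    if (check_password(@$password)) {
        $is_admin = true;
    }

    // @ hides the "undefined variable" warning, but it does not stop a
    // request-supplied is_admin value from being trusted here.
    return @$is_admin ? "admin panel" : "public page";
}

function hardened_page(array $request): string
{
    // Initialize every variable the logic depends on, and read input by name.
    $is_admin = false;
    $password = isset($request['password']) && is_string($request['password'])
        ? $request['password']
        : '';

    if (check_password($password)) {
        $is_admin = true;
    }

    return $is_admin ? "admin panel" : "public page";
}

function check_password($candidate): bool
{
    // Hypothetical stand-in for a real credential check.
    return is_string($candidate)
        && hash_equals('constructed-sample-secret', $candidate);
}

// Constructed request: no password at all, only a stray is_admin parameter.
$request = ['is_admin' => '1'];

echo "legacy:   ", legacy_page($request), "\n";
echo "hardened: ", hardened_page($request), "\n";
```

With the constructed request, the legacy function takes the privileged branch without any password, while the hardened one does not, because its `$is_admin` can only be set by the code itself.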