No, that is fine.  User-supplied data can not override a variable defined
directly in your script like that regardless of the register_globals
setting.

-Rasmus

On Sun, 17 Nov 2002, Stephen wrote:

> Since day one of me doing MySQL stuff in PHP, I've always set up my query as a
> variable then put it into the query function such as this:
>
>     $query = "SELECT * FROM bobstuff WHERE id='1'";
>     $result = mysql_query($query, $connection);
>
> I've just become aware of the security risks of this. How could I make it so the
> $query variable isn't editable from the URL? Should I turn register_globals off?
>
> Thanks,
> Stephen Craton
> http://www.melchior.us
>
> "Life is a gift from God. Wasting it is like destroying a gift you got from the
> person you love most." -- http://www.melchior.us


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
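
The following is an added example, not part of the original thread. It shows the point made in the reply and goes one step further, contrasting a variable assigned directly in the script with one that is only assigned on a branch. Assumptions: `extract()` stands in for `register_globals=On`, and `handle_request`, `$password_ok`, `$is_admin` and `$is_admin_init` are hypothetical names.

```php
<?php
// extract() stands in for register_globals=On, which copied request
// parameters into variables before the first line of the script ran.
function handle_request(array $params): array
{
    extract($params); // assumption: emulates the register_globals import

    // Pattern from the thread: an unconditional assignment in the script
    // runs after the import and replaces any request-supplied "query".
    $query = "SELECT * FROM bobstuff WHERE id='1'";

    // Hypothetical flag that is only assigned on one branch. When the
    // branch is skipped, a request-supplied "is_admin" is still in scope.
    $password_ok = false; // constructed: the login check failed
    if ($password_ok) {
        $is_admin = true;
    }

    // Same flag, initialized before use: the request value is discarded.
    $is_admin_init = false;
    if ($password_ok) {
        $is_admin_init = true;
    }

    return [
        'query'         => $query,
        'is_admin'      => !empty($is_admin),
        'is_admin_init' => $is_admin_init,
    ];
}

// Constructed request, as if sent as ?query=...&is_admin=1&is_admin_init=1
$out = handle_request([
    'query'         => 'request-supplied text',
    'is_admin'      => '1',
    'is_admin_init' => '1',
]);
var_dump($out);
```

With `register_globals` off, request parameters are only reachable through `$_GET`, `$_POST` and the other superglobals, so none of the three values would reach script variables in the first place.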
