Don't like auto register globals ... try the following at the beginning of your script.
ini_set ('register_globals','Off');
Works for me places I'm hosted at.
HTH,
Jason k Larson
Noel Wade wrote:
Hi all, So I have a session variable; but with register_globals active on the server I'm hosted at (no way to turn it off), just checkng for "$varX" in my script could retrieve the session variable, a GET variable with the same name, or a POST variable with the same name - and as a security concern, someone could use a GET request (http://somehost/mypage.php?varX=0) to spoof the script into thinking that "varX" is the wrong value.So, is there any way in a script to specify that I want to retrieve the value stored in the registered session_variable("varX")?? Thanks, --Noel
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
