At 01:36 30.01.2003, CF High said: --------------------[snip]-------------------- >However, setting register_globals on or off makes no difference. The >variables are still not getting evaluated........ --------------------[snip]--------------------
I _BET_ it's register_globals. Did you restart the webserver in case PHP is loaded as a module? Anyway: it's a lot safer having register_globals set to "off" (see http://www.php.net/manual/en/security.registerglobals.php#security.registerg lobals for a discussion on security issues). For example, assuming that a certain cookie value is available, with register_globals on this value may be forged by passing the value as part of the url. A lot of different possibilities arise. -- >O Ernest E. Vogelsinger (\) ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
