>I forgot to point out another disadvantage of turning on register_globals
>apart from that of security is that when you are sending a page with a
>form to the same page, e.g:
>
><form name=whatever action=$PHP_SELF method=post>
>
>there is a tendency to lose info.. E.g.
>If you are sending text separated by spaces you only manage to
>send the first word this can be overcome by using the
>htmlspecialchars('value') method to evaluate value...
>
>turning on globals is to make the coding easier but has a
>good deal of disadvantages...
register_globals on or off is completely irrelevant to using urlencode (GET)
or htmlentities (POST) to send properly formatted strings to the browser.
If you want to delude yourself the register_globals off significantly
increases security, go ahead, but don't claim that it somehow "fixes"
badly-encoded HTML. It doesn't.
--
Like Music? http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
