> >>accept_parameters($user_string); // or something similar > register_globals off. > $user_string=$HTTP_POST_VARS["user_string"]; > > This accomplishes the same thing as your example, and doesn't > introduce any new syntax... I don't really see the advantage of the > "accept_parameters" idea. Well, the programmer doesn't need to know if it was introduced by POST or GET or whatever, and will be made to think about what parameters he/she is accepting... thereby making him aware of the security issues. Plus, it looks better :-) (yeah I know, subjective...) Cheerio, Marc. -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
- RE: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues Ron Chmara
- Re: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues teo
- Re: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues teo
- Re: [PHP-DEV] Security Issues PHP
- Re: [PHP-DEV] Security Issues Zeev Suraski
- RE: [PHP-DEV] Security Issues Marc Boeren
- RE: [PHP-DEV] Security Issues Brian Tanner
- RE: [PHP-DEV] Security Issues Marc Boeren
- RE: [PHP-DEV] Security Issues Marc Boeren
- Re: [PHP-DEV] Security Issues Phil Driscoll
- RE: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues php4
- Re: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues Phil Driscoll
- Re: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues Andi Gutmans
- Re: [PHP-DEV] Security Issues Ramsi Sras
- Re: [PHP-DEV] Security Issues Ron Chmara