>> But how you know, if you have a few tausends of php code lines, which part >> have some sloppy code. Nobody is perfect. In my opinion you should turn >> register_globals to off if it's possible. It's much more secure.
>Rouvas Stathis wrote: >I strongly disagree with that. >Consider the following code (assuming $foo is 'external' variable): >1: if ($foo=='yes') transfer_money_to_me(); >2: if ($_GET['foo']=='yes']) transfer_money_to_me(); >Why (2) is safer than (1)? Answer: It is *not*. As I wrote before, I dont talking about a 3 liner, but if some developers work on a huge project. There is no reason why dont make use of the _GET[] _POST[] ....... arrays and switch this register_globals to OFF -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
