--- Paul van Schayck <[EMAIL PROTECTED]> wrote: > Don't tell them about that option! People are forced to script safe > that way.
That is a bit of an exaggeration, don't you think? Leaving register_globals disabled certainly doesn't force people to "script safe[ly]". It does, however, force them to understand where data is coming from, and that is an important point. I agree with you that we should not recommend that people enable register_globals. This is especially true, because the people asking these types of questions already know the least about how data is exchanged on the Web. > Ben, with register globals off hackers can change variables you don't > want to be changed theirself. http://catb.org/~esr/jargon/html/H/hacker.html Chris ===== My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php