Yup I still don't see how it improves anything with regards to security. -----Original Message----- From: Raditha Dissanayake [mailto:[EMAIL PROTECTED] Sent: 13 November 2003 15:24 To: [EMAIL PROTECTED] Subject: Re: [PHP] register_globals & security
Hi, There is also a $_REQUEST variable. At the risk of starting another flame war: IMHO switching off register globals and relying on $_POST etc can lull you into a false sense of security. Fernando Melo wrote: >Thanks. > >I don't see how this makes it more secure though? > >The values are still picked up the same way from a URL > >-----Original Message----- >From: Jon Haworth [mailto:[EMAIL PROTECTED] >Sent: 13 November 2003 13:28 >To: [EMAIL PROTECTED] >Subject: Re: [PHP] register_globals & security > >Hi Fernando, > > > >>I have a PHP application that passes variables (values) from a form. >>I get these using $_POST >> >>However I do also post some variables via a link. Which ofcourse requires >>register_globals to be ON. >> >> > >Do you mean variables in a URL, like this: >www.example.com/index.php?foo=1&bar=2 > >If so you can access these via the $_GET array and leave register_globals >turned off. > >Cheers >Jon > > > -- Raditha Dissanayake. ------------------------------------------------------------------------ http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader Graphical User Inteface. Just 150 KB | with progress bar. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
