[snip] There is also a $_REQUEST variable. At the risk of starting another flame war: IMHO switching off register globals and relying on $_POST etc can lull you into a false sense of security. [/snip]
***applause*** Bottom-line....as I just said in another thread....initialize your variables and validate them when you get them from 'outside' sources -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php