Jay and Eugene have already made very good suggestions. To add to that you can always try filtering your variables with strip_tags(), htmlspecialchars(), addslashes() etc to protect against attacks.
all the best
Fernando Melo wrote:
Yup I still don't see how it improves anything with regards to security.
-----Original Message-----
From: Raditha Dissanayake [mailto:[EMAIL PROTECTED] Sent: 13 November 2003 15:24
To: [EMAIL PROTECTED]
Subject: Re: [PHP] register_globals & security
Hi,
There is also a $_REQUEST variable.
At the risk of starting another flame war: IMHO switching off register globals and relying on $_POST etc can lull you into a false sense of security.
Fernando Melo wrote:
Thanks.
I don't see how this makes it more secure though?
The values are still picked up the same way from a URL
-- Raditha Dissanayake. ------------------------------------------------------------------------ http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader Graphical User Inteface. Just 150 KB | with progress bar.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php