You should be sanitizing code here, when you save it to the session and when it's output. Look around the newsgroups or online for info about it, it's everywhere.

- Dan

"mike" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
On 8/26/07, Jason Cartledge <[EMAIL PROTECTED]> wrote:

I would replace $_REQUEST with $_GET or $_POST (as appropriate)

  if ( !empty($_REQUEST['gender']) )
         {
           $registrationGender=$_REQUEST['gender'];
         }
         else {

Personally I would use if(isset($_SESSION['registrationGender'])) here

                if (session_is_registered('registrationGender'))
                 {
                  $registrationGender=$_SESSION['registrationGender'];
                  print "you are preregistered as a $registrationGender";
                 }
                 else
                 {
                  print "your gender is unknown, you are assumed to be a male";

       $_SESSION['registrationGender']='male';

I would change it to assign it here. No need to assign it a second
time below, since you are just printing the session variable if it is
already set

                 }
              }


Those are a couple quick things my tired bloodshot eyes thought of.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
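
The suggestions made in this thread (read from `$_POST` rather than `$_REQUEST`, test the session with `isset()`-style checks, validate before saving to the session and escape on output) combined in one sketch. This is an added example, not code from any poster in the thread; the function names, the allow-list values and the "you registered as" message are assumptions, and the arrays are passed in as parameters so the logic can be run from the CLI.

```php
<?php
// Added example; all names here are hypothetical.
const ALLOWED_GENDERS = ['male', 'female']; // assumption: the form's valid values

/** Return the value only if it is a string on the allow-list, else null. */
function validGender($value): ?string
{
    return (is_string($value) && in_array($value, ALLOWED_GENDERS, true)) ? $value : null;
}

/** Escape for an HTML text context at output time. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * In a page this would be called as resolveGender($_POST, $_SESSION)
 * after session_start().
 */
function resolveGender(array $post, array &$session): string
{
    $submitted = validGender($post['gender'] ?? null);
    if ($submitted !== null) {
        $session['registrationGender'] = $submitted; // only validated data is stored
        return 'you registered as a ' . h($submitted);
    }
    // Re-validate on read: the session may hold data written by older code.
    $stored = validGender($session['registrationGender'] ?? null);
    if ($stored !== null) {
        return 'you are preregistered as a ' . h($stored);
    }
    $session['registrationGender'] = 'male'; // default kept from the original snippet
    return 'your gender is unknown, you are assumed to be a male';
}

// Constructed sample inputs: markup in the field, a valid value, then no field.
$session = [];
echo resolveGender(['gender' => '<b>x</b>'], $session), "\n";
echo resolveGender(['gender' => 'female'], $session), "\n";
echo resolveGender([], $session), "\n";
```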
