If register_globals is "on" (ewww!) at otherhost.com, then "?safe_flag" on the URL will get in.
This is one of the reasons why register_globals should be OFF. NOTE: The code you gave does not describe the circumstances whereby $safe_flag is "set". There could be all manner of other issues around that code that we cannot address without seeing more. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
