On Tue, 23 Apr 2002, Rouvas Stathis wrote:
>Miguel Cruz wrote:
>> 
>> On Mon, 22 Apr 2002, Leif K-Brooks wrote:
>>> I use $formvar for form processing, I don't use the arrays.  This is how I
>>> was taught to do it.  If my host upgrades to 4.2.0, my website is as good as
>>> gone!  What am I supposed to do?!
>> 
>> Fix them! This direction was first announced in 4Q1999; 2.5 years ought to
>> be enough preparation time.
> 
> No, it isn't! For anything that breaks old functionality, 'forever' is
> not enough time.

It doesn't break old functionality. You just have to read the manual.  
Either leave your php.ini file untouched from your earlier installation
(which is not a difficult undertaking), or override the global import
feature on a site-by-site (or directory-by-directory) basis using your web
server's configuration tools.

>> This change improves your security, so it'd be rational to be happy about
>> it.
> 
> No it doesn't. It just provides another excuse for lazy programming.
> Nothing will save a lazy programmer or one that doesn't understand basic
> principles.

I disagree. You cannot expect everyone to be perfect. The fact is that
people make mistakes and go through a learning process, and anything that
helps them through this is a benefit to all. Otherwise why have any
security features at all? Firewalls encourage lazy programming! Locks and
police encourage lazy domestic vigilance!

And it's not lazy to assume a variable starts with value NULL, in a 
language with no storage declaration requirements and where the 
documentation says that variables start with value NULL. Just because C or 
Pascal require you to do something, doesn't mean that you are being lazy 
for not doing it elsewhere.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
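
The point argued over in this message, as an added example that is not part of the original thread: with the global import feature on (the `register_globals` directive in php.ini), a variable the code assumes starts as NULL can arrive already set from the request. The import is simulated with `extract()` so the script runs on current PHP; the function names, password and sample requests are constructed for illustration.

```php
<?php
// Added example: why reading input from the request arrays is safer than
// relying on imported globals. All names and data here are constructed.

// Legacy style: every request parameter becomes a variable before the page
// logic runs. extract() stands in for the old global import.
function legacy_page(array $request, string $realPassword): string
{
    extract($request);
    if (isset($password) && $password === $realPassword) {
        $authorized = true;
    }
    // $authorized is never initialized; the author assumes it starts as NULL.
    // With the import on, the request can supply it directly.
    return !empty($authorized) ? 'admin panel' : 'denied';
}

// Array style: input is read by name from the request array only, so no
// request parameter can pre-set a variable the code did not ask for.
function array_page(array $request, string $realPassword): string
{
    $authorized = false;
    $password = isset($request['password']) ? $request['password'] : null;
    if ($password === $realPassword) {
        $authorized = true;
    }
    return $authorized ? 'admin panel' : 'denied';
}

$realPassword = 's3cret-constructed';

// Constructed sample requests: a correct login, a wrong password, and a
// wrong password accompanied by an extra "authorized" parameter.
$samples = [
    'correct password'       => ['password' => 's3cret-constructed'],
    'wrong password'         => ['password' => 'guess'],
    'wrong password + extra' => ['password' => 'guess', 'authorized' => '1'],
];

foreach ($samples as $label => $request) {
    printf(
        "%-24s legacy: %-12s arrays: %s\n",
        $label,
        legacy_page($request, $realPassword),
        array_page($request, $realPassword)
    );
}
```

Only the third request is treated differently by the two functions: the legacy page accepts it, the array-based page does not.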
