Miguel Cruz wrote:
>
> On Tue, 23 Apr 2002, Rouvas Stathis wrote:
> >Miguel Cruz wrote:
> >>
> >> On Mon, 22 Apr 2002, Leif K-Brooks wrote:
> >>> I use $formvar for form processing, I don't use the arrays. This is how I
> >>> was taught to do it. If my host upgrades to 4.2.0, my website is as good as
> >>> gone! What am I supposed to do?!
> >>
> >> Fix them! This direction was first announced in 4Q1999; 2.5 years ought to
> >> be enough preparation time.
> >
> > No, it isn't! For anything that breaks old functionality, 'forever' is
> > not enough time.
>
> It doesn't break old functionality. You just have to read the manual.
> Either leave your php.ini file untouched from your earlier installation
> (which is not a difficult undertaking), or override the global import
> feature on a site-by-site (or directory-by-directory) basis using your web
> server's configuration tools.

Yes, you could do that. But then again, what happens if you have to use
a piece of code that someone else has written that did not take the new
habit into account? A number of interesting questions arise when you
have to operate that code along with newer one. Oh well, I guess
everything must change. After all, managing change is what we humans do,
don't we :-)

>
> >> This change improves your security, so it'd be rational to be happy about
> >> it.
> >
> > No it doesn't. It just provides another excuse for lazy programming.
> > Nothing will save a lazy programmer or one that doesn't understand basic
> > principles.
>
> I disagree. You cannot expect everyone to be perfect. The fact is that
> people make mistakes and go through a learning process, and anything that
> helps them through this is a benefit to all. Otherwise why have any
> security features at all? Firewalls encourage lazy programming! Locks and
> police encourage lazy domestic vigilance!

It's just that I don't see any security value in superglobals.
If someone does not know enough, he/she will make the same mistake with
or without superglobals (from security's point of view).
As far as "lazy programming", please refer to my previous post.

-Stathis.

>
> And it's not lazy to assume a variable starts with value NULL, in a
> language with no storage declaration requirements and where the
> documentation says that variables start with value NULL. Just because C or
> Pascal require you to do something, doesn't mean that you are being lazy
> for not doing it elsewhere.
>
> miguel
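
The mechanism this thread is arguing about, as an added example that is not from any of the posters: the same script logic run with and without automatic import of request parameters. `extract()` stands in for `register_globals = On`, and `$request`, `check_login()` and both handler names are hypothetical, constructed for this illustration.

```php
<?php
// Constructed request: the client sends a parameter the form never had.
$request = ['user' => 'leif', 'authorized' => '1'];

// Hypothetical credential check; it always fails in this demonstration,
// so any "authorized" result below did not come from the script's logic.
function check_login(string $user): bool
{
    return false;
}

// Style 1: the "$formvar" style. Every request parameter becomes a local
// variable before the script's own code runs.
function handle_with_global_import(array $request): bool
{
    extract($request);          // assumption: emulates the automatic import
    if (check_login($user)) {
        $authorized = true;
    }
    // The script never initialised $authorized, so the client's value
    // is still there when the flag is tested.
    return !empty($authorized);
}

// Style 2: the array style. Identical logic, still no initialisation,
// but input is read only by explicit key.
function handle_with_arrays(array $request): bool
{
    $user = isset($request['user']) ? $request['user'] : '';
    if (check_login($user)) {
        $authorized = true;
    }
    // Nothing imported the request into local scope, so the unset
    // variable really is NULL here, as the documentation says.
    return !empty($authorized);
}

var_dump(handle_with_global_import($request));
var_dump(handle_with_arrays($request));
```

Initialising `$authorized = false;` before the check makes the first handler safe as well, which is the habit code written for either setting needs.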