>I forgot to point out another disadvantage of turning on register_globals >apart from that of security is that when you are sending a page with a >form to the same page, e.g: > ><form name=whatever action=$PHP_SELF method=post> > >there is a tendency to lose info.. E.g. >If you are sending text separated by spaces you only manage to >send the first word this can be overcome by using the >htmlspecialchars('value') method to evaluate value... > >turning on globals is to make the coding easier but has a >good deal of disadvantages...
register_globals on or off is completely irrelevant to using urlencode (GET) or htmlentities (POST) to send properly formatted strings to the browser. If you want to delude yourself the register_globals off significantly increases security, go ahead, but don't claim that it somehow "fixes" badly-encoded HTML. It doesn't. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php