> -----Original Message-----
> An alternative...
>
> 1. register_globals off
>
> use the command
> import_request_variables("PC","_p");
> now you can get the variables like user as $p_user.
> The get variables will be ignored!
>
> Still, If a user developes a special browser, exclusively to
> hack, he may be
> able to send post variables...
Anybody, anywhere in the world, can send any data they want (POST, GET,
COOKIE) to your scripts. They key is to grab only the data you are expecting
to receive.
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
