> @@ -12,8 +12,8 @@ > input window. Once the user has filled in a username and a password, > the URL containing the PHP script will be called again with the > <link linkend="reserved.variables">predefined variables</link> > - <varname>PHP_AUTH_USER</varname>, <varname>PHP_AUTH_PW</varname>, > - and <varname>AUTH_TYPE</varname> set to the user name, password and > + <varname>$PHP_AUTH_USER</varname>, <varname>$PHP_AUTH_PW</varname>, > + and <varname>$AUTH_TYPE</varname> set to the user name, password and > authentication type respectively. These predefined variables are found > in the <link linkend="reserved.variables.server">$_SERVER</link> and > <varname>$HTTP_SERVER_VARS</varname> arrays. Only "Basic" authentication > @@ -68,8 +68,8 @@ > </note> > > <para> > - Instead of simply printing out <varname>PHP_AUTH_USER</varname> > - and <varname>PHP_AUTH_PW</varname>, as done in the above example, > + Instead of simply printing out <varname>$PHP_AUTH_USER</varname> > + and <varname>$PHP_AUTH_PW</varname>, as done in the above example, > you may want to check the username and password for validity. > Perhaps by sending a query to a database, or by looking up the > user in a dbm file.
Leaving the $ off here is intentional, don't you think promoting register_globals = on in the manual is a bad thing? It mentions $_SERVER so there shouldn't be a problem. Regards, Philip