I'm gonna have to go ahead and agree with Peter. As a relative Newbie to
PHP (1 year), I can tell you that when I switched from Perl to PHP, one of
the biggest "Wow, this is great" features was the easy variable access. It
makes it fast for a newbie to hack something together that works -- which is
often all that is really needed.
Should the average script be coded better? Yes. However, you can't
legislate good coding by imposing sanctions on technique. (IMHO)
I agree with Peter that if someone is writing a script with security even in
the back corner of their mind, they will be initializing variables, and
grabbing them from the appropriate "HTTP_*_VARS".
If someone has no clue about security, they are lost anyway. You can't
*force* their script to be secure from the outside. More likely, they are a
novice programmer and will give up on PHP just as they have on Perl --
because it is just too difficult for them to learn.
My .02
-Brian Tanner
>this is not a language issue, it is a
>script-coder one,
>if someone is not able to handle this,
>he is not able to write scripts if register_globals is turned off
>too
>
>- Peter
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
