I'm gonna have to go ahead and agree with Peter.  As a relative Newbie to
PHP (1 year), I can tell you that when I switched from Perl to PHP, one of
the biggest "Wow, this is great" features was the easy variable access.  It
makes it fast for a newbie to hack something together that works -- which is
often all that is really needed.

Should the average script be coded better?  Yes.  However, you can't
legislate good coding by imposing sanctions on technique. (IMHO)

I agree with Peter that if someone is writing a script with security even in
the back corner of their mind, they will be initializing variables, and
grabbing them from the appropriate "HTTP_*_VARS".

If someone has no clue about security, they are lost anyway.  You can't
*force* their script to be secure from the outside.  More likely, they are a
novice programmer and will give up on PHP just as they have on Perl --
because it is just too difficult for them to learn.

My .02

-Brian Tanner

>this is not a language issue, it is a
>script-coder one,
>if someone is not able to handle this,
>he is not able to write scripts if register_globals is turned off
>- Peter

PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to