>>accept_parameters($user_string); // or something similar If PHP is going to break a bunch of scripts, they would probably just shut register_globals off. This would require people to do: $user_string=$HTTP_POST_VARS["user_string"]; This accomplishes the same thing as your example, and doesn't introduce any new syntax... I don't really see the advantage of the "accept_parameters" idea. -Brian Tanner -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
- RE: [PHP-DEV] Security Issues Brian Tanner
- RE: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues Ron Chmara
- Re: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues teo
- Re: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues teo
- Re: [PHP-DEV] Security Issues PHP
- Re: [PHP-DEV] Security Issues Zeev Suraski
- RE: [PHP-DEV] Security Issues Marc Boeren
- RE: [PHP-DEV] Security Issues Brian Tanner
- RE: [PHP-DEV] Security Issues Marc Boeren
- RE: [PHP-DEV] Security Issues Marc Boeren
- Re: [PHP-DEV] Security Issues Phil Driscoll
- RE: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues php4
- Re: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues Phil Driscoll
- Re: [PHP-DEV] Security Issues Zeev Suraski
- Re: [PHP-DEV] Security Issues Andi Gutmans
- Re: [PHP-DEV] Security Issues Ramsi Sras
