> >>accept_parameters($user_string); // or something similar
> register_globals off.
> This accomplishes the same thing as your example, and doesn't
> introduce any new syntax... I don't really see the advantage of the
> "accept_parameters" idea.
Well, the programmer doesn't need to know if it was introduced by POST or
GET or whatever, and will be made to think about what parameters he/she is
accepting... thereby making him aware of the security issues.
Plus, it looks better :-)
(yeah I know, subjective...)
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]