[moving this to php-dev]
First: Great! Woohoo! Thanks Zeev!
On Wed, 8 Aug 2001, Zeev Suraski wrote:
>At 20:27 08-08-01, Andrei Zmievski wrote:
>>On Wed, 08 Aug 2001, Zeev Suraski wrote:
>> > Good question, open for debate... Generally I consider GPC as a group of
>> > data which cannot be trusted, since it's coming from the user. But I'm
Include cookie data in the $_FORM only if it's renamed to something
else. I wouldn't expect a variable named $_FORM to have anything but
the data which comes from forms.
>I tend to lean towards changing it from $_FORM too. Andi suggested
>$_CLIENT. Let's hear some feedback:
>
>- Keep it as $_FORM
>- $_USER
$_USER == $_EVIL
;)
--Jani
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
