[moving this to php-dev]

First: Great! Woohoo! Thanks Zeev!

On Wed, 8 Aug 2001, Zeev Suraski wrote:
>At 20:27 08-08-01, Andrei Zmievski wrote:
>>On Wed, 08 Aug 2001, Zeev Suraski wrote:
>> > Good question, open for debate...  Generally I consider GPC as a group of
>> > data which cannot be trusted, since it's coming from the user.  But I'm

Include cookie data in the $_FORM only if it's renamed to something
else. I wouldn't expect a variable named $_FORM to have anything but
the data which comes from forms.

>I tend to lean towards changing it from $_FORM too.  Andi suggested
>$_CLIENT.  Let's hear some feedback:
>- Keep it as $_FORM
>- $_USER

$_USER == $_EVIL



PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to