Thanks for your recommendations, what if they use page.php?$_POST[$total]?

$_POST is made by PHP and you can rely on it to be safe for such tricks, especially because your trick will not even work with normal arrays.
I've asked several times to make this more clear on the PHP site but the usual reply is pretty unhelpful. Sadly because this problem is causing many people headaches.

instead of $total?? Wouldn't the outcome be the same? Is there a good article on this subject? I think this is quite important in developing secure applications. I have googled but no luck.
Start at 'new input mechanism' on http://de.php.net/release_4_1_0.php
then go to http://de.php.net/manual/en/security.registerglobals.php
then search for _POST and _GET to see more.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php