There is also a $_REQUEST variable.
At the risk of starting another flame war: IMHO switching off register globals and relying on $_POST etc can lull you into a false sense of security.

Fernando Melo wrote:


I don't see how this makes it more secure though?

The values are still picked up the same way from a URL

-----Original Message-----
From: Jon Haworth [mailto:[EMAIL PROTECTED] Sent: 13 November 2003 13:28
Subject: Re: [PHP] register_globals & security

Hi Fernando,

I have a PHP application that passes variables (values) from a form.
I get these using $_POST

However I do also post some variables via a link. Which ofcourse requires
register_globals to be ON.

Do you mean variables in a URL, like this: www.example.com/index.php?foo=1&bar=2

If so you can access these via the $_GET array and leave register_globals
turned off.


Raditha Dissanayake.
http://www.radinks.com/sftp/         | http://www.raditha.com/megaupload
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Inteface. Just 150 KB | with progress bar.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to