--- Raditha Dissanayake <[EMAIL PROTECTED]> wrote: > At the risk of starting another flame war: IMHO switching off register > globals and relying on $_POST etc can lull you into a false sense of > security.
I agree, and this is more true with the safe_mode directive, which I have always thought was poorly named (although I don't have a better suggestion). Disabling register_globals is a good thing, however, and it at least forces developers to understand where their data is coming from. This is a good first step, in my opinion. Chris ===== My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php