> It does *NOT* stop a hacker from using GET/POST to initialize variables that
> were never set.  Turn on E_NOTICE, damnit.

Whoops.  That part of my rant was patently false.  I was on a roll, though
:-)

If register_globals is off, of course POST 'i' can't override your
uninitialized $i variable.

You *still* oughta have E_NOTICE on and test every line of code anyway,
though :-)

And I still think sanitizing user-input, which you have to do anyway, and
initializing every non-user-input variable, which you ought to do, is the
Right Way to go instead of cluttering up your code with HTTP_xxx_VARS and
making life difficult for newbies.  YMMV.

Sorry for the multiple posts.

--
WARNING [EMAIL PROTECTED] address is an endangered species -- Use
[EMAIL PROTECTED]
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm



-- 
PHP General Mailing List (http://www.php.net/)
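
An added example, not part of the original post: the uninitialized-variable case discussed above, next to a version that initializes the variable and validates the input. register_globals was removed in PHP 5.4, so extract() stands in for it; the names legacy_check, fixed_check, is_admin and token, and the request data, are hypothetical.

```php
<?php
// Added example. register_globals was removed in PHP 5.4, so extract()
// stands in for it here. All names and request data are constructed.
error_reporting(E_ALL); // E_ALL covers the undefined-variable diagnostic

$diagnostics = [];
set_error_handler(function (int $errno, string $msg) use (&$diagnostics): bool {
    $diagnostics[] = $msg; // collect instead of printing
    return true;
});

// Legacy style: $is_admin is assigned only on the success path.
function legacy_check(array $request, bool $register_globals): bool
{
    if ($register_globals) {
        extract($request); // request keys become local variables
    }
    if (($request['token'] ?? '') === 'valid-token') {
        $is_admin = true;
    }
    return (bool) $is_admin; // reads an unset variable when the token is wrong
}

// Same logic with the flag initialized and the input type-checked.
function fixed_check(array $request, bool $register_globals): bool
{
    if ($register_globals) {
        extract($request);
    }
    $is_admin = false; // initialize every non-user-input variable
    $token = $request['token'] ?? '';
    if (is_string($token) && hash_equals('valid-token', $token)) {
        $is_admin = true;
    }
    return $is_admin;
}

// Constructed request: no valid token, plus a parameter the script never reads.
$forged = ['is_admin' => '1'];

$cases = [
    'legacy, register_globals on'  => legacy_check($forged, true),
    'legacy, register_globals off' => legacy_check($forged, false),
    'fixed,  register_globals on'  => fixed_check($forged, true),
];
foreach ($cases as $label => $result) {
    printf("%-30s is_admin=%s\n", $label, var_export($result, true));
}
echo 'diagnostics: ', implode('; ', $diagnostics), "\n";
```

Only the second case records an undefined-variable diagnostic (a notice in PHP 7 and earlier, a warning in PHP 8): in the first case the request parameter defines the variable, so nothing is reported.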