Hi, I was hoping that someone could point me to a page or resource where I can find more information about using the predefined variables introduced in PHP 4.1.0. I read the "release announcement" (http://www.php.net/release_4_1_0.php), which is what called my attention to the potential security problems. I think I understand the example provided (where $authenticated is passed by a malicious user and overrides the "authenticate_user()" function) -- but does this mean that from this point on, any variables generated by a form should be pulled from $_GET or $_POST ? It seems that there isn't a difference between $variable and $_GET['variable'], since a user could add "?variable=1" to the querystring. But then, keep in mind that I don't know everything that's going on here.
In other words, is there a more detailed description of the process of pulling a form variable from one of these arrays? Thanks, Erik -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
