That was enlightening, thank you.  I think that I had better set 
register_globals OFF !  However there is still one last nagging question 
in my mind:  What is the purpose of the $_GET (or $HTTP_GET_VARS) 
predefined variable?  It seems that in the case of "get" variables, 
malicious variables could still be set in the querystring and even using 
$_GET['variablename'] wouldn't be able to stop this from happening.  
That is, from what I understand, the advantage of using "get" variables 
in the first place.

So does using $_GET actually confer any additional security?  If so, how?

Thank you all,


On Tuesday, January 15, 2002, at 03:55  PM, Johnson, Kirk wrote:

> Give this a read first, then come back if you still have questions ;)
> Kirk
>> -----Original Message-----
>> From: Erik Price [mailto:[EMAIL PROTECTED]]
>> Sent: Tuesday, January 15, 2002 1:50 PM
>> To: PHP
>> Subject: [PHP] security benefits of predefined variables
>> Hi,
>> I was hoping that someone could point me to a page or
>> resource where I
>> can find more information about using the predefined variables
>> introduced in PHP 4.1.0.

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to