>I forgot to point out another disadvantage of turning on register_globals
>apart from that of security is that when you are sending a page with a
>form to the same page, e.g:
><form name=whatever action=$PHP_SELF method=post>
>there is a tendency to lose info..  E.g.
>If you are sending text separated by spaces you only manage to
>send the first word this can be overcome by using the
>htmlspecialchars('value') method to evaluate value...
>turning on globals is to make the coding easier but has a
>good deal of disadvantages...

register_globals on or off is completely irrelevant to using urlencode (GET)
or htmlentities (POST) to send properly formatted strings to the browser.

If you want to delude yourself the register_globals off significantly
increases security, go ahead, but don't claim that it somehow "fixes"
badly-encoded HTML.  It doesn't.

Like Music?  http://l-i-e.com/artists.htm

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to