>(This was from an email sent to Gabor, and the site said this address was for help)
>>This is not a definition of the $blah variable. $blah = 1; would be a definition.
>I've never had any problems using just $blah; before, it never errored on 
>me once, is there any reason it does this? (by the way the version I use on 
>Nadrew.com is 4.2.1 and it works fine.)

It does this because you have willfully dis-regarded the warning messages!

You did so by not using error_reporting(E_ALL) at the top of your scripts,
or similar setting in your php.ini or .htaccess

As a result, you have some SECURITY HOLES in your scripts.

Until 4.2.x where register_globals was turned off, a malicious user could


Now, the $blah that your code assumes is blank is *NOT* blank, and I've put
stuff into it you've never even considered might be in there...  And it
might be malicious code.

Now, if you were *REALLY* rigorous about checking values/data/content of
*ALL* variables, and not just the ones you *thought* were coming from the
user, that would be fine, but since you almost for sure didn't, it's an
unacceptable risk.

Like Music?  http://l-i-e.com/artists.htm
I'm looking for a PRO QUALITY two-input sound card supported by Linux (any
major distro).  Need to record live events (mixed already) to stereo
CD-quality.  Soundcard Recommendations?
Software to handle the recording? Don't need fancy mixer stuff.  Zero (0)
post-production time.  Just raw PCM/WAV/AIFF 16+ bit, 44.1KHz, Stereo

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to