If you forget to initialize your internal script variables, then people
could potentially inject bogus values for these variables and change how
your script operates.  e.g.

  if($password=='david') $ok=1;
  if($ok) let_them_in();

In the above, assume $password is a user-supplied value and $ok is an
internal script variable.  Now, since $ok was never initialized to 0 then
the user could supply ok=1 and get into let_them_in() regardless of the
value of $password.

Now, if you make your code E_ALL clean and make sure you initialize your
internal variables, you are correct, having register_globals on is cleaner
and easier to deal with.

-Rasmus

On Mon, 19 Aug 2002, David Rice wrote:

> Hi:
>
> I have a test site where I am trying out a few things in PHP. I started
> off with register_globals on. Then I read in the docs that it is best
> to turn register_globals off. I did so and now I am having a
> marvelous time recoding some session stuff :(
> I could not find much info on why "register_globals on" is a bad thing.
> Seems to me that code is much cleaner with them on. What's the down side?
>
> Cheers,
> David
>
> On Monday, August 19, 2002, at 05:05 PM, Rasmus Lerdorf wrote:
>
> > Sure, turn register_globals on only for the oasis directory. In your
> > httpd.conf add:
> >
> > <Directory /some/path/oasis>
> > php_value register_globals on
> > </Directory>
> >
> > -Rasmus
> >
> > On Mon, 19 Aug 2002, Andy wrote:
> >
> >> Hi there,
> >>
> >> I am running php 4.2.2 with register globals set to off. Now I am
> >> planning to install oasis (an ad tracking sw). Their current version
> >> requires a php build with register globals set to on!?
> >>
> >> Is there a way out of this dilemma running only one server?
> >>
> >> Thanx for any advice,
> >>
> >> Andy
> >>
> >> --
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
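The uninitialized-flag check from the message above, next to the same check with $ok initialized, as an added example that is not part of the original thread. Assumptions: register_globals was removed in PHP 5.4, so extract() on a constructed request array emulates it here; check_uninitialized(), check_initialized() and the sample requests are hypothetical names and data.

```php
<?php
// Added example, not from the thread. extract() emulates what
// register_globals=on did: every request parameter becomes a variable.
error_reporting(E_ALL);

$diagnostics = [];   // messages E_ALL would have shown the developer
set_error_handler(function (int $no, string $msg) use (&$diagnostics): bool {
    $diagnostics[] = $msg;
    return true;     // handled; keep running
});

function let_them_in(): string { return 'let in'; }

// The check from the message: $ok is never initialized.
function check_uninitialized(array $request): string
{
    extract($request);                 // request data lands in scope first
    if ($password == 'david') $ok = 1;
    if ($ok) return let_them_in();
    return 'refused';
}

// Same check with the internal flag initialized. The assignment comes
// after extract() because register_globals populated variables before
// the script body ran, so the script's own value wins.
function check_initialized(array $request): string
{
    extract($request);
    $ok = 0;
    if ($password == 'david') $ok = 1;
    if ($ok) return let_them_in();
    return 'refused';
}

// Constructed requests.
$requests = [
    'correct password'      => ['password' => 'david'],
    'wrong password'        => ['password' => 'guess'],
    'wrong password + ok=1' => ['password' => 'guess', 'ok' => '1'],
];

foreach ($requests as $label => $request) {
    printf("%-22s uninitialized: %-8s initialized: %s\n", $label,
        check_uninitialized($request), check_initialized($request));
}

// The plain wrong-password request leaves $ok undefined in the first
// function; E_ALL reports that, which is the cue to initialize it.
print_r($diagnostics);
```

Only check_uninitialized() changes its answer when ok=1 is supplied, and only it adds an undefined-variable entry to $diagnostics, which is what "E_ALL clean" catches.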