Re: [PHP] Re: Session variables not unsetting

2004-12-06 Thread Jason Wong
On Tuesday 07 December 2004 01:32, Richard Lynch wrote: > steve wrote: > > Jason Wong wrote: > >> With register_globals enabled, the problem is not with the $_POST, $_GET > >> etc variables (although yes you should always validate data when they > >> come > >> from untrusted sources). The problem i

Re: [PHP] Re: Session variables not unsetting

2004-12-06 Thread Richard Lynch
steve wrote: > Jason Wong wrote: > >> With register_globals enabled, the problem is not with the $_POST, $_GET >> etc variables (although yes you should always validate data when they >> come >> from untrusted sources). The problem is that malicious users can pollute >> your namespace and if you do

Re: [PHP] Re: Session variables not unsetting

2004-12-06 Thread steve
Jason Wong wrote: > With register_globals enabled, the problem is not with the $_POST, $_GET > etc variables (although yes you should always validate data when they come > from untrusted sources). The problem is that malicious users can pollute > your namespace and if you do not initialise variabl

Re: [PHP] Re: Session variables not unsetting

2004-12-06 Thread Jason Wong
On Monday 06 December 2004 22:50, steve wrote: > Yeah - as I mentioned in the original post, all my pages start with that. > I'm a little PO'd about the change to register_globals on. Alas, trying to > switch it off in an .htaccess file causes a 500 error. That said, I never > use variables passed

[PHP] Re: Session variables not unsetting

2004-12-06 Thread steve
Peter Lauri wrote: > Security? > > Have you called session_start(); ??? Yeah - as I mentioned in the original post, all my pages start with that. I'm a little PO'd about the change to register_globals on. Alas, trying to switch it off in an .htaccess file causes a 500 error. That said, I never u

[PHP] Re: Session variables not unsetting

2004-12-06 Thread Peter Lauri
Security? Have you called session_start(); ??? /Peter "Steve" <[EMAIL PROTECTED]> skrev i meddelandet news:[EMAIL PROTECTED] > Steve wrote: > > > I'm having a problem with session variables. > > Never mind. Seems that the hosting company decided this week to switch from > register_globals off

[PHP] Re: Session variables not unsetting

2004-12-05 Thread steve
Steve wrote: > I'm having a problem with session variables. Never mind. Seems that the hosting company decided this week to switch from register_globals off to register_globals on. I'm not the first person to call them about this! -- @+ Steve -- PHP General Mailing List (http://www.php.net/)