Happy Friday! I don't know anything about the innards of the PHP/Apache relationship. I am wondering if there is a security advantage to using the getenv() function to access an environment variable, instead of using the $HTTP_SERVER_VARS array, or, if register_globals is on, the global version of the variable. Using $SERVER_NAME as an example, and assuming register_globals is on, if
$foo = gentenv("SERVER_NAME"); $bar = $HTTP_SERVER_VARS["SERVER_NAME"]; are $foo, $bar and $SERVER_NAME guaranteed to have the same value? Can a cracker poison one of these but not the other? Does getenv() get the value from Apache or PHP's namespace? You know what I'm getting at, right? ;) TIA Happy Friday! Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]