> off. Likewise though, you might start looking for replacements for those > scripts as it takes time to make the changes, but it has been a year since > register_globals were turned off by default and mentioned that they were > going away in the future.
That is a sound advice, some time ago a lot of my scripts were using globals on and as painful as it was I made the switch. In the long run it pays off. It makes your programming more secure by default. One quick way to globals is to simply find/replace in multiple files. Or declare the values at the beginning of your scripts Eg. $foo = $_POST["foo"]; it does not fully utilise the globals off style of coding, but offers a quick fix during transition period, especially if you're paranoid about automatic find/replace R> > -----Original Message----- > From: news [mailto:[EMAIL PROTECTED] Behalf Of J. Cox > Sent: October 19, 2003 5:30 PM > To: [EMAIL PROTECTED] > Subject: [PHP] Re: Session hijacking > > > > "Ryan A" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > NO! Globals are on.... > > And asking the others they tell me that around 20% of the > scripts (around > > 300 scripts) wont function with globals off :-( > > > > What to do? > > Use an ini_set in your sessions script (I am assuming that you are using a > seperate script to manage your sessions) to turn your registered globals > off. Likewise though, you might start looking for replacements for those > scripts as it takes time to make the changes, but it has been a year since > register_globals were turned off by default and mentioned that they were > going away in the future. > > In addition, take a look at some of the other suggestions that were made, > beyond this one. > > J. Cox > http://www.xaraya.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
