> Anyway, it's not a big thing if you're _really_ stringent about how you
> check every single variable which is used in a database query,
> system/passthru/exec, or eval command, and your checking methods are
> flawless, but otherwise it's just best to go to the trouble of hacking
> around the input explicitly.

Obviously my code is perfect, so I don't need to worry - but I'll leave it
set as default anyway :-)

One thing I do avoid is using register_globals, which removes some of the
threats suggested elsewhere in this thread. I do validate user input fairly
thoroughly, but it's always better to be safe. The reason I asked the
question was because I wasn't sure the behavior I was seeing was correct,
and didn't want to fix loads of code that I'd have to un-fix later on. Now I
know what's going on I'll go ahead with the fixes. Saves me remembering to
change PHP.INI on other machines, if nothing else.

Thanks for the help.
--
Mark Rogers




-- 
PHP General Mailing List (http://www.php.net/)