>(This was from an email sent to Gabor, and the site said this address was for help)
>
>>This is not a definition of the $blah variable. $blah = 1; would be a definition.
>
>I've never had any problems using just $blah; before, it never errored on
>me once, is there any reason it does this? (by the way the version I use on
>Nadrew.com is 4.2.1 and it works fine.)

It does this because you have willfully disregarded the warning messages!

You did so by not using error_reporting(E_ALL) at the top of your scripts, or a similar setting in your php.ini or .htaccess.

As a result, you have some SECURITY HOLES in your scripts.

Until 4.2.x where register_globals was turned off, a malicious user could do:

http://nadrew.com/whatever.php?blah=Hack!

Now, the $blah that your code assumes is blank is *NOT* blank, and I've put stuff into it you've never even considered might be in there... And it might be malicious code.

Now, if you were *REALLY* rigorous about checking values/data/content of *ALL* variables, and not just the ones you *thought* were coming from the user, that would be fine, but since you almost for sure didn't, it's an unacceptable risk.

--
PHP General Mailing List (http://www.php.net/)
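
The uninitialized-variable problem described in the reply above, as an added example that is not part of the original messages. It assumes a hypothetical `$authorized` flag in place of `$blah`, a constructed secret and constructed requests, and it uses `extract()` as a stand-in for `register_globals = On`, which PHP 5.4 removed.

```php
<?php
// Added example: extract() stands in for register_globals = On, which
// PHP 5.4 removed. All names and values below are constructed.
error_reporting(E_ALL);   // the setting the reply recommends

// Collect diagnostics so each call's warnings can be printed next to its result.
$diagnostics = [];
set_error_handler(function (int $level, string $message) use (&$diagnostics): bool {
    $diagnostics[] = $message;
    return true;
});

// Legacy pattern: $authorized is only assigned on the success path.
function legacy_check(array $query, string $password): bool
{
    extract($query);                      // every query key becomes a local variable
    if (hash_equals('constructed-secret', $password)) {
        $authorized = true;
    }
    return (bool) $authorized;            // undefined, or whatever the query supplied
}

// Hardened pattern: define the variable first and never import request keys.
function hardened_check(array $query, string $password): bool
{
    $authorized = false;                  // a real definition, like "$blah = 1;"
    if (hash_equals('constructed-secret', $password)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed requests: whatever.php and whatever.php?authorized=1
foreach ([[], ['authorized' => '1']] as $query) {
    foreach (['legacy_check', 'hardened_check'] as $check) {
        $diagnostics = [];
        $result = $check($query, 'wrong-password');
        printf("%-15s query=%-18s result=%-5s diagnostics=%s\n",
            $check, json_encode($query), var_export($result, true),
            json_encode($diagnostics));
    }
}
```

With E_ALL in effect, the legacy function reports an undefined-variable diagnostic on the ordinary request and reports nothing at all when the query string supplies the variable. That is why the warning on normal traffic is the signal to fix the code rather than something to silence.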