Thanks John,
I had been debating which IP Iwould use for my site. With the information
you've provided, I will use the one that has register_globals=off.
One re-write of all my code is enough. Besides, the purpose of the default
'off' behavior is precisely why I'm using $_SESSION's anyway.
I really appreciate the advice, since I'm almost about to put my site
on-line. . . . Just a few (hah!) last-minute-bugs (double-hah!) have to be
cleared up first before 'InstantFame (tm) or was that shame???. :>
The last thing I need is another headache like the one I developed using CSS.
Thanks again,
Andre
On Friday 27 September 2002 05:42 pm, John Holmes wrote:
> > My IP informed me that they have register_globals=on in their php.ini.
>
> Is
>
> > this going to cause problems with my scripts that were written using
> > $_POST,
> > $_SESSION, etc?
>
> If you can turn it off via, .htaccess, you'd be better. The scripts will
> run fine with $_POST or whatever, but realize your open to the
> vulnerabilities that made OFF the default. If you use if($value)
> anywhere, that value could come from the user. Just something to be
> aware of.
>
> Also, with register_globals ON, unregistering a session variable is
> tricky. You have to use session_unregister("value") and
> unset($_SESSION['value']) and maybe even unset($value); If you don't
> ever unregister variables, then you won't have a problem.
>
> ---John Holmes...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
