Posted by Chung Leong on 10/12/05 06:40
peter wrote:
> I have been unsuccessful turning register_globals off. I've tried
> several ideas. I'm thinking it may not be possible with my hosting
> company. If I initialize all variables, using $_POST, does that make
> my script relatively secure?
Depends. If variable initializations can be bypassed, then you'll have a
problem. For example, say you're initializing a bunch of global
variables in config.php. The file is included in index.php, which,
incidentally, includes other files:
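<?php
// index.php: the only place where config.php gets loaded
include("config.php");
// Dispatch to a page script based on the "page" query parameter
switch ($_GET['page']) {
    case 'forum':
        include("forum.php");
        break;
    case 'about':
        include("about.php");
        break;
}
?>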
If forum.php or about.php is accessed directly, then the configuration
variables wouldn't get initialized.
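
Added example, not part of the original post: one way an included file such as forum.php can refuse direct requests and avoid picking up uninitialized globals. It assumes index.php runs define('IN_APP', true); before include("config.php"); the names IN_APP, $is_admin and the topic field are hypothetical.

```php
<?php
// forum.php (hardened) -- added example, not code from the original post.
// Assumption: index.php runs define('IN_APP', true); before including this file.
// IN_APP, $is_admin and the 'topic' field are hypothetical names.

// Constants cannot be set from GET/POST/cookie data, even with
// register_globals on, so this check only passes when index.php ran first.
if (!defined('IN_APP')) {
    header('HTTP/1.1 403 Forbidden');
    exit('Direct access not permitted.');
}

// Every variable this file owns is assigned before its first use, so a
// request parameter of the same name can never supply the starting value.
$is_admin = false;
$topic    = 0;

// Request data is read only from the superglobal and validated before use.
// is_string() rejects array input such as topic[]=1.
if (isset($_POST['topic'])
    && is_string($_POST['topic'])
    && ctype_digit($_POST['topic'])) {
    $topic = (int) $_POST['topic'];
}

echo 'Showing topic ' . $topic . ($is_admin ? ' (admin view)' : '');
```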