Reply to register_globals on / off - I think I'm missing the point
Posted by +mrcakey on 10/24/07 10:57
I understand that register_globals was turned off by default as, unless
you initialised it, it could be altered by a malicious coder.
What I don't understand is how the $_POST['foo'] form is any more
secure. Surely Mr Malicious Coder can still just send his own version
of $_POST['foo']?
Obviously I'm missing something, I just can't figure out what!