|
Posted by Jason Barnett on 04/28/05 18:58
Richard Davey wrote:
> Hello Jason,
>
> Thursday, April 28, 2005, 4:23:43 PM, you wrote:
>
> JB> Indeed... and replace ?a=22 with ?first=22 in my message as well.
> JB> :-/
>
> Heh.. ok :)
>
> No worries, demonstrated to me that RegGlobs aren't quite as
> destructive as popular myth would lead you to believe (not that it'll
> make me start using them mind you)
>
> Best regards,
>
> Richard Davey
You're right. The truth is that you *can* code securely with
register_globals on, but it is more difficult than having it turned off.
AFAIK the main problem with it is that if you forget to initialize
your global variables for something (which might include some $user_auth
type variable) then users can easily send bogus information. And even
with this the order in which global variables get initialized can affect
register_globals. So instead we just scare all of the new PHP coders by
telling them about the RegGlobs boogie man.
[Back to original message]
|