I recently read in a popular uk internet mag that it's best to turn off register_globals in .htaccess. Just a Q, is this really worth it? What can happen?
eelixduppy
10:50 am on May 17, 2006 (gmt 0)
Here are a few reasons register globals [au2.php.net] should be off: a) it seperates the users variables from the server variables, they are in a different scope. b) Semi-Solves security problems, if you use POST on your form, then with register globals OFF, a user cannot spoof the form using something like phpPage.php?name=a&email=b
ahmedtheking
11:34 am on May 17, 2006 (gmt 0)
Ok, I think I get it. I'm gonna try and work with it off!
