Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Security Note...' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Security Note...
Authored by: natecook on Nov 12, '03 01:51:22PM
The reason register globals is off by default is that turning it on opens up a potential security issue in PHP pages: anything in the querystring ends up as part of the default namespace. If you're writing PHP yourself, this means you should either code with register globals off and use the global $_GET[] &co (which I've found quite handy) or always declare and initialize your variables before using them. Good idea anyway, but there you go.

[ Reply to This | # ]