[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: BRL vs PHP (getting inputs)

> I'm afraid you have it backwards: Prior PHP... no need to explicitly get
> inputs.
> Current PHP (4.1.0), need to explicitly get inputs under the default
> configuration.  Check php.net for the release announcement.  This change
> is because the prior way of doing things opened up too many security
> holes.

>From http://www.php.net/release_4_1_0.php

PHP 4.1.0 still defaults to have register_globals set to on. It's a
transitional version, and we encourage application authors, especially public
ones which are used by a wide audience, to change their applications to work
in an environment where register_globals is set to off. Of course, they should
take advantage of the new features supplied in PHP 4.1.0 that make this
transition much easier.

But... I was unaware of this (imminent) change, so thanks for pointing it out.