[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: BRL vs PHP (getting inputs)
> I'm afraid you have it backwards: Prior PHP... no need to explicitly get
> inputs.
>
> Current PHP (4.1.0), need to explicitly get inputs under the default
> configuration. Check php.net for the release announcement. This change
> is because the prior way of doing things opened up too many security
> holes.
>From http://www.php.net/release_4_1_0.php
PHP 4.1.0 still defaults to have register_globals set to on. It's a
transitional version, and we encourage application authors, especially public
ones which are used by a wide audience, to change their applications to work
in an environment where register_globals is set to off. Of course, they should
take advantage of the new features supplied in PHP 4.1.0 that make this
transition much easier.
But... I was unaware of this (imminent) change, so thanks for pointing it out.
Ash