#24
12-06-2006
Sanders Kaufman

Re: -> PHP4 Singleton implementation question <-

Jerry Stuckle wrote:
> Sanders Kaufman wrote:
>> What is the security risk attached to having register_globals turned on?
>
> Well, among other things, a smart user could do something like:
>
> http://www.example.com?authorized=1&level=admin
>
> This could set the person as authorized, with admin level. Of course, a
> simple example - but you get the idea. Even the PHP designers have
> recommended against its use, and it will probably be removed in a future
> release.


It looks like you're saying that query string variables are
automatically made into $_SESSION variables - is that right?

If not - then the whole security issue is resolved by using $_GET and
$_POST correctly, right?


>>> $MyVar = isset($_SESSION['MyVar']) ? $_SESSION['MyVar'] : 0;



> I do have a tendency to get rather pissed off at people who think they
> know it all when they really have no clue. But after almost 40 years of
> programming I get a little jaded :-)


They say the toothless get ruthless. :)
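The register_globals behaviour discussed in this exchange, as an added example that is not part of the original posts: a page that leaves its authorization flags uninitialised, beside one that assigns them from the session with a default, as in the quoted $MyVar line. The function names legacy_page and fixed_page are hypothetical, and because register_globals was removed in PHP 5.4, extract() is assumed here as a stand-in for it.

```php
<?php
// Added example. extract() emulates register_globals = On: every request
// variable becomes a plain variable of the same name before the page
// logic runs. It is used only for that emulation, not as a recommendation.

// Constructed sample input: the query string from the quoted example.
parse_str('authorized=1&level=admin', $query);
$session = array();   // constructed: nobody has logged in

function legacy_page(array $request, array $session)
{
    extract($request, EXTR_SKIP);   // stand-in for register_globals

    // Legacy pattern: the flags are only assigned when login succeeded.
    if (isset($session['user'])) {
        $authorized = 1;
        $level = $session['level'];
    }

    // On the failure path nothing initialised $authorized or $level,
    // so whatever the request supplied is still in them.
    return array(
        'authorized' => !empty($authorized),
        'level'      => isset($level) ? $level : 'none',
    );
}

function fixed_page(array $request, array $session)
{
    extract($request, EXTR_SKIP);   // same hostile starting state

    // Every trusted variable is assigned from the session with a default
    // before use, which overwrites anything the request injected.
    $authorized = isset($session['authorized']) ? $session['authorized'] : 0;
    $level      = isset($session['level']) ? $session['level'] : 'none';

    return array('authorized' => !empty($authorized), 'level' => $level);
}

var_dump(legacy_page($query, $session));
var_dump(fixed_page($query, $session));
```

With the empty session, legacy_page reports the visitor as authorized with level admin, while fixed_page reports not authorized with level none. Request data that is actually wanted would be read explicitly from $_GET or $_POST in the same isset-with-default style.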