Quote:
Originally Posted by perplexed
In the brain-burning haze of coding problems I had quite forgotten about the register global issues.
Well I hadn't. That's what
$a=mysql_real_escape_string($_POST['a']);
$b=mysql_real_escape_string($_POST['b']);
$c=mysql_real_escape_string($_POST['c']);
was all about.
register_globals was a setting in earlier versions of PHP where a value from a form would automatically become a variable in the receiving script. This can be a security issue in badly written scripts and so was set to off in later versions of PHP. It's been coming for years and so most scripts will have been changed. For good measure I escaped the variables because you can't trust user input when you are forming database queries (Google SQL injection).
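The two points in the reply above (form values silently becoming script variables, and not trusting user input when building queries), as an added example that is not part of the original post. It simulates register_globals with `extract()` and binds the values as PDO parameters instead of calling `mysql_real_escape_string`; the in-memory SQLite database (needs the pdo_sqlite extension), the table `t`, the `is_admin` key and the sample request are assumptions.

```php
<?php
// Added example. Constructed request body standing in for $_POST.
$post = ['a' => "O'Brien", 'b' => '42', 'c' => 'note', 'is_admin' => '1'];

// What register_globals=On amounted to: every request key became a variable.
// extract() is used here only to simulate that behaviour.
function legacy_is_admin(array $request): bool {
    extract($request);          // keys of the request become local variables
    return !empty($is_admin);   // never initialised by the script itself
}

// With register_globals off, the script sets the value and ignores stray keys.
function explicit_is_admin(array $request): bool {
    $is_admin = false;          // initialised by the script, not by the client
    return $is_admin;
}

// Read only the three named fields and bind them as parameters, so quotes in
// the input are data and never part of the SQL text.
function save_row(PDO $db, array $request): int {
    $stmt = $db->prepare('INSERT INTO t (a, b, c) VALUES (:a, :b, :c)');
    $stmt->execute([
        ':a' => (string)($request['a'] ?? ''),
        ':b' => (string)($request['b'] ?? ''),
        ':c' => (string)($request['c'] ?? ''),
    ]);
    return (int)$db->lastInsertId();
}

$db = new PDO('sqlite::memory:');   // hypothetical stand-in for the real database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE t (id INTEGER PRIMARY KEY, a TEXT, b TEXT, c TEXT)');

var_dump(legacy_is_admin($post));   // flag taken from the request
var_dump(explicit_is_admin($post)); // flag taken from the script

$id = save_row($db, $post);
$check = $db->prepare('SELECT a FROM t WHERE id = ?');
$check->execute([$id]);
echo $check->fetchColumn(), "\n";   // stored value, apostrophe intact
```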