RE: FN-FORUM: php funny

date posted 19th November 2007 15:15

>
> [snip]
> >
> > You really should be echoing $_POST["Photoend_20_Sd"] and make sure
> > register_globals is "off"
>
> You really *shouldn't* be using $_POST or $_REQUEST on
> these echoes, as you should be cleaning *all* user-inputted
> data before processing it. As such, having it as a variable
> that has been cleaned (assuming it's being cleaned of course
> :-) ) is a far better bet than just passing on potentially
> harmful inputs through the pages.

True. No disagreement here. Think I was trying to put over two many points
in one place, i.e. the OP was echoing the wrong variable, the posted
variables should be referred to as part of the $_POST array, and
register_globals should be off.... Hey - it's a dull Monday, and there's
still 2 hours to go ;-)