| strawberry 2007-03-30, 6:59 pm |
| Jerry Stuckle wrote:
> strawberry wrote:
>
> Yes, I agree with Paul. Someplace you missed one or more entries. Do
> you have an editor which can do a multiple file search? I've found it's
> almost imperative when working on sites.
>
> The other thing is - $PHP_SELF probably isn't the only variable coded
> this way. $_POST, $_GET, $_SESSION and $_COOKIE variables could also be
> a potential problem.
>
> It's not easy to find all the places register_globals affects. But you
> really should get them all out. I've found really the only sure-fire
> way to do this is to go through the code line by line. It's time
> consuming, but it works better than trying to troubleshoot all the
> errors they can cause. The good news is you *can* do this after you go
> live, then when you get them all fixed you can turn off register_globals.
>
> But I think it's better to do it before you go live.
>
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstucklex@attglobal.net
> ==================
Doh! Of course - that's it! There's a $_POST request too. I didn't
appreciate that it was subject to the same limitation. I can't check
it now until Monday, but I bet that's it!
Thanks for the tip.
|