Nel wrote:yes, that's right.> I have a question related to the "security" issues posed by Globals ON.
> It is good programming technique IMO to initialise variables, even if it's
> $foo = 0;
> $bar = "";
> Surely it would be better to promote better programming than rely on PHP to
> compensate for lazy programming?
If you program strict and in a good style register globals won't harm
you. But what if you once forget to initialize a variable? Register
Globals is not a real security hole, but some programmer may forget an
initialization (for instance when many programmer work on that project).
yes: global variables are bad.>
> Of does turning RG off have some other benefit of which I am not aware?
why would one use them? because it is easy to work with global variables.
If register globals is Off you are more likely to use less global variables.
you use in a script (not in a function, in global namespace) a variable
called $site, and some months later an other programmer invent a new
feature to display a table over more than one site -> he invents a GET
param called $site to know which site actually is displayed -> you
overwrite with your $site his GET $site and now you're in trouble.
because PHP doesn't provide namespaces it is important to seperate the
different 'namespaces'. $_GET has nothing to do with the global
namespace (of course it has, but it's kind of child of $GLOBALS - so
this is how you should use it)