[pgo]

That's strange. On my contact form, I have it shorten the post variables, i.e. "$email = $_POST['email'];" for the sake of simplicity in form processing.

However, if I remove that line, the variable $email still works - with the correct value and everything!

How does it automatically know to check $_POST['email'] when the script is testing against $email?

Any ideas?

(NOTE: Only my host does this - my local system won't do recognize it.)

[cam]

your host must have register globals on, which it really shouldn't

[d*d]

bad for security that

[freelancr]

PHP4 config had register_globals on by default, it is bad for security as the end user could change your variables (using the address bar) if you didn't code it properly.

PHP5 config has register_globals off by default.

There are ways of disabling register_globals off in your php files just for your website. Google it, and test it by playing with php_info().

[pgo]

I was afraid of that. phpinfo() confirms it. Time to have a word with the ol' host...

Apparently, I'm on one of their older servers. New ones have register_globals off by default and I'm going to request that they move me.

[pgo]

Quote:

Originally Posted by freelancr

There are ways of disabling register_globals off in your php files just for your website. Google it, and test it by playing with php_info().

My host's support suggested that I can create a php.ini file for each domain I host that sets register_globals off. If I'm not interested in doing that, they said they'd move me to a different server (one of the newer ones with r_g disabled).