[nycphp-talk] <a href> vs. <form> request

George Webb gw.nyphp at
Wed Apr 16 19:32:48 EDT 2003

Yeah, Chris is right.  A form with no form elements
would not get caught.  What kind of weird situations are
you trying to protect against, anyway, Jerry?

	I'm not sure if this would help, but if you want
to kill all the incoming user params, I think you could
un-set $_REQUEST, $_GET, $_POST, and all those to NULL.
Of course, if you have register_globals ON, you'd have
to unset all your globals individualy.

	We could probably suggest better ideas if you
would explain what your security issues are.

Best, George.

George Webb
gw.nyphp at

More information about the talk mailing list