One quick glance of an experienced eye allowed to understand the blurred
and almost unreadable micha's handwriting:
could be a register_globals problem
if register_globals is off now, ?st=100 will not be registered
automatically as $st=100 anymore.
instead it will be accessible through the $_POST array as $_POST['st'].
Nope, it'll be the $_GET array and $_GET['st']. :)
if that is the problem, rather change your scripts than switch on
register_globals, because register_globals off is a good thing to have
(security wise).
Agreed. Imagine you are using a global variable called "admin" set to
false unles a proper admin authorization occurs... Now, when you have
register_globals set to "on", you'll get this global var in the $admin
var AND ?anything=whatever will give you a global var $anything with
value "whatever".
Now imagine somebody doing this:
?admin=true
You will get the $admin var with "true" as value - but without any
authentication...
When register globals is off, you'll get your global var as
$GLOBALS['admin'] and the var from the address as $_GET['admin'] - no
security risk here. :)
Cheers
Mike
