Geoff wrote:
>I urge you to fix this, but in the mean while:
extract($_GET);
What is the new way to do this?
I've read through the link you gave me but it isn't completely clear
to me.
1. All variables from a GET request are in the $_GET-array. This will make
sure that they don't 'infect' used variables.
2. When using a $_GET variable, first make sure it's a type you expect.
(for instance:
$id = intval($_GET['id']);//make sure it's an integer
$name = preg_replace('/^[a-z0-9]/i','',$_GET['name']);//only
alphanumeric characters)
3. Use validated variables as you would like.
The main reason is that (sloppy) code with uninitialized variables can be
influenced with either GET or POST request resulting in unexpected and/or
undesireable results. Alwaus make sure you:
a: initiliaze all variables.
b: no outside variables are used for anything without a proper type-check
first.
--
Grtz,
Rik Wasmus