WebApp Sec mailing list archives

Re: PHP and "Register_Globals"


From: Nasir Simbolon <nasir () 3wsi com>
Date: Mon, 31 Mar 2003 11:59:03 +0700


> I soon realized the security issues, and wrote my own
> validation-functions, ... to handle all the XSS and SQL-injection problems.
>
> my question is now: my app is 'safe', but what do I do if my future
> webhost has register_globals to 'off'?

Use variable variables, a feature of PHP.
Put this at the beginning of your scripts:

/* Make $_POST variables global */
foreach ($_POST as $key => $val)
        ${$key} = $val;

/* Make $_GET variables global */
foreach ($_GET as $key => $val)
        ${$key} = $val;

You will get variables $_POST and $_GET registered globally.

Regards,

Nasir Simbolon
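
Added example, not part of the original message: the loop above copies every request key into scope, so a key in the request can collide with a variable the script has already set. The sketch below contrasts that with an allowlisted import. The function names, the is_admin variable and the sample request are assumptions constructed for illustration.

```php
<?php
// Constructed request data standing in for $_POST (not from the original post).
$request = [
    'username' => 'alice',
    'page'     => '2',
    'is_admin' => '1',   // a key the script never meant to accept
];

// The loop from the message, wrapped in a function so the effect is visible:
// every request key becomes a variable, including one that collides with
// state the script set itself.
function blanket_import(array $input): array
{
    $is_admin = false;               // application state set before the import
    foreach ($input as $key => $val) {
        ${$key} = $val;              // overwrites $is_admin when that key is sent
    }
    return ['is_admin' => $is_admin];
}

// Allowlisted alternative (hypothetical helper): only the names the script
// expects are copied, and they stay in an array instead of entering scope.
function allowlisted_import(array $input, array $allowed): array
{
    $clean = [];
    foreach ($allowed as $name) {
        // Accept plain strings only; nested arrays (name[]=...) are ignored.
        if (isset($input[$name]) && is_string($input[$name])) {
            $clean[$name] = $input[$name];
        }
    }
    return $clean;
}

// Compare what each approach lets the request decide.
var_dump(blanket_import($request));
var_dump(allowlisted_import($request, ['username', 'page']));
```

The allowlisted values still need the validation and escaping the question mentions before they reach SQL or HTML output.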

