I forgot to tell you that using
register_global is consider as insecure code.
Because
register_global will get and declare variable from HTML form
directly, or session... and somethimes it will make you confusing and
messing. Here is simple example that prove that register_global is not
secure. I create an administrator page.
admin.php PHP Code:
<?php
if ($admin) {
print "you're an administrator";
} else {
print "you're not an administrator";
}
?>
I could simply using GET action to crack in your code by using this link
admin.php?admin=1. I know this is very simple example and it will never
happen in real time. But just example to know it is unsecure to use
register_global. Much of PHP sever disable it.
From siLenTz
Piece of pizza information...