I have read often that you shouldn't use variables like $sql to hold your SQL queries or the like, because if your register globals is on it can be overridden.
I have also read that this is overcome if you declare variables at the start of each page.
What I don't understand is, let's just say that I take info and run it through a MySQL query which is stored in the variable $sql. If I have the code in the format of:
Code:
$sql = "query here";
{database call here}

Sorry if this seems really simple, but I've never seen it stated HOW this is a threat.
Thanks
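
The difference the post asks about, as an added example that is not part of the original post: register_globals was removed in PHP 5.4, so its effect is emulated here with extract() over a constructed request array. The function names, query text and request values are hypothetical.

```php
<?php
// Constructed request parameters, as if they arrived in the query string.
// With register_globals = On, PHP created $sql from this before the script ran.
$request = ['sql' => 'TEXT SUPPLIED BY THE REQUEST'];

// Case 1: the format from the post. $sql is assigned unconditionally just
// before the database call, so the request-supplied value is overwritten.
function assigned_before_use(array $request): string {
    extract($request);                 // emulates register_globals = On
    $sql = "SELECT name FROM users WHERE id = 1";
    return $sql;                       // what the database call would receive
}

// Case 2: $sql is only assigned on one branch. When that branch is skipped,
// nothing overwrites the value that came from the request.
function conditionally_assigned(array $request, bool $isMember): string {
    extract($request);
    if ($isMember) {
        $sql = "SELECT name FROM users WHERE id = 1";
    }
    return $sql ?? '';
}

// Case 3: the same logic with the variable declared at the start, which is
// the mitigation the post mentions. The request value is discarded.
function declared_at_start(array $request, bool $isMember): string {
    extract($request);
    $sql = '';                         // explicit initialisation
    if ($isMember) {
        $sql = "SELECT name FROM users WHERE id = 1";
    }
    return $sql;
}

$results = [
    'assigned before use'         => assigned_before_use($request),
    'conditional, branch skipped' => conditionally_assigned($request, false),
    'declared at start'           => declared_at_start($request, false),
];
foreach ($results as $label => $query) {
    echo str_pad($label, 30), '=> ', $query === '' ? '(empty)' : $query, PHP_EOL;
}
```

Only the second case passes the request-supplied text through to the query; a variable that is always assigned before it is read is not affected by the setting.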