||Ten Security Checks for PHP, Part 2|
|Subject:||Avoid Loose Typing Intricacies - fix|
Response to: Avoid Loose Typing Intricacies - fix
The code is certainly not intended for a production site - the code was given as an example of what _NOT_ to do. The text discussing the code illustrates these flaws. It is based on the security hole found in PHPMyAdmin some time ago, but simplified for clarity and the ability to run as a stand-alone script. Your suggestion is certainly valid and follows the advice in the "Possible Fixes" section for this hole.
Hear us Roar