Okay folks, I've been looking through the online documentations for VB3 and what not now that I have my life back and I have come to realize that I don't know how that function works....

I understand it's used to clean out any magic-quotes that are in the $_GET, $_POST, or $_REQUEST globals, but say I've a large array of $keys => $values, do I HAVE to put each individual $key in the globalize() function, or can I just use a foreach ($_POST AS $key => $value) loop and have it globalize the entire contents in one shot? (We're talking about a 50+ $key => $value array).

Globalize CAN sanitize some values, but the main purpose is to make $_POST etc. vars available as normal variables.

You can not do any sanitisation on an array. You will have to treat each value as untrusted when processing.

Globalize CAN sanitize some values, but the main purpose is to make $_POST etc. vars available as normal variables.

You can not do any sanitisation on an array. You will have to treat each value as untrusted when processing.
So I'm basically stuck adding 50+ lines to the globalize array then?
globalize($_POST, array(
'userid' => INT,
'username' => STR_NOHTML,
'etc' => STR,
'etc' => STR
));
That's gonna be a HUGE amount of lines for what I'm trying to do, and I'm not really comfortable having that much space taken up if I don't need to.

Is it absolutely required on a page, or does the define('NO_REGISTER_GLOBALS', 1); cover me on this?

No, you just globalize the array, then you make sure that you protect your sql-statements against injections when one of the array elements is used.

No, you just globalize the array, then you make sure that you protect your sql-statements against injections when one of the array elements is used.
* Cloudrunner head starts to hurt...

got the globalize, that's cool, but You've confused me with the injections. How does one protect from injections? Sorry to sound newbish, but the sql-injection protection thing is new to me....

are you talking about having a different site, page whatever throw the variables into the script so that the SQL uses those variables instead of the ones it's truly looking for?

You should protect all external variables used in sql-statements (and some other places) against possible injection of mallicious code. You can do this by forcing numbers to integer (ie. intval($mynumber)) or addslashes (ie. addslashes($myalphabetic)).

You should protect all external variables used in sql-statements (and some other places) against possible injection of mallicious code. You can do this by forcing numbers to integer (ie. intval($mynumber)) or addslashes (ie. addslashes($myalphabetic)).
ah, okay, I do that already!

Thank you for the help!!!