
Hi all,

I think we all agree on the removal of this security evil script. Marc and I already had a non-public discussion on this topic, however I think it should go on this list, so let's start it again :-).

Basically there is a need for some function to grab required parameters from the request and clean up the GLOBALS array in case register_globals is on.

I suggested creating some function like:

    PMA_grabParameter($name, $request, $sanitizing = 'none', $required = TRUE)

The request parameter might not be needed, but it's up for discussion.

While Marc came up with the way Moodle does it:

Moodle does this (I did not paste the full clean_param() function)

    $id       = optional_param('id', 0, PARAM_INT);
    $name     = optional_param('name');
    $edit     = optional_param('edit');
    $idnumber = optional_param('idnumber');

    function optional_param($varname, $default=NULL, $options=PARAM_CLEAN) {
        if (isset($_POST[$varname])) {       // POST has precedence
            $param = $_POST[$varname];
        } else if (isset($_GET[$varname])) {
            $param = $_GET[$varname];
        } else {
            return $default;
        }
        return clean_param($param, $options);
    }

Comments? I do not think it is a good idea to have optional parameters in most of the code.

-- 
Michal Čihař | http://cihar.com
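
An added illustration, not part of the original message and not phpMyAdmin or Moodle code: one way the proposed PMA_grabParameter() signature could enforce required parameters, paired with a cleanup of globals injected by register_globals. The 'int' and 'identifier' sanitizing modes, the PMA_cleanGlobals() helper, the exception behaviour and the sample request are all assumptions.

```php
<?php
// Added illustration. Modes other than 'none', PMA_cleanGlobals() and the exceptions are assumptions.
function PMA_grabParameter($name, array $request, $sanitizing = 'none', $required = true)
{
    if (!array_key_exists($name, $request)) {
        if ($required) {
            throw new InvalidArgumentException("Missing required parameter: $name");
        }
        return null;
    }
    $value = $request[$name];
    // Reject arrays (?id[]=1) instead of silently casting them.
    if (!is_scalar($value)) {
        throw new InvalidArgumentException("Parameter $name must be scalar");
    }
    $value = (string) $value;
    if ($sanitizing === 'none') {
        return $value;
    }
    $patterns = array('int' => '/\A-?\d+\z/', 'identifier' => '/\A[A-Za-z0-9_]+\z/');
    if (!isset($patterns[$sanitizing])) {
        throw new LogicException("Unknown sanitizing mode: $sanitizing");
    }
    // Validate against an allow-list pattern and fail closed on mismatch.
    if (!preg_match($patterns[$sanitizing], $value)) {
        throw new InvalidArgumentException("Parameter $name failed '$sanitizing' check");
    }
    return $sanitizing === 'int' ? (int) $value : $value;
}

// Undo register_globals: remove globals that mirror request keys.
// Must run before the application defines any globals of its own.
function PMA_cleanGlobals(array $request)
{
    $superglobals = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_FILES',
                          '_SERVER', '_ENV', '_REQUEST', '_SESSION');
    foreach (array_keys($request) as $key) {
        if (!in_array($key, $superglobals, true)) {
            unset($GLOBALS[$key]);
        }
    }
}

// Constructed sample request; 'authorized' simulates a register_globals injection.
$request = array('db' => 'test_db', 'pos' => '30', 'authorized' => '1');
$GLOBALS['authorized'] = $request['authorized'];
PMA_cleanGlobals($request);
$db  = PMA_grabParameter('db', $request, 'identifier');
$pos = PMA_grabParameter('pos', $request, 'int');
var_dump(isset($authorized), $db, $pos);
```

Unlike optional_param(), a missing required parameter raises an error here instead of falling back to a default, and the caller chooses explicitly which request array is trusted.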