$_GET and $_POST to $ variables

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Mince
Forum Commoner
Posts: 25
Joined: Mon Aug 03, 2009 9:36 am

$_GET and $_POST to $ variables

Post by Mince »

Hi all

The company I am working for has numerous systems which are used in an intranet. We have recently decided to upgrade to a newer version of XAMPP. There has been a few changes necessary, but there is one problem which i cannot seem to fix.. Many pages require a variable to work, for example $heading_id. Now this variable is a get variable which is sent through like this for example:

Code: Select all

container.php?whattodo=testpage.php&heading_id=1
Now as you can see, everything is sent through a container.

Now my problem is that on most pages, $heading_id (or whichever necessary variable) is required, but the original programmer does not do a $_REQUEST or $_GET anywhere on the page. This leads me to believe that somewhere in the container he has a function which changes $_GET etc variables into $ variables. Does such a function exist? I have spent many hours sifting through the code but cannot find it anywhere!

Thanks in advance
Marinus
User avatar
DigitalMind
Forum Contributor
Posts: 152
Joined: Mon Sep 27, 2010 2:27 am
Location: Ukraine, Kharkov

Re: $_GET and $_POST to $ variables

Post by DigitalMind »

register_globals = On (php.ini)
but I wouldn't suggest you to use it. It's insecure.
Peter Kelly
Forum Contributor
Posts: 143
Joined: Fri Jan 14, 2011 5:33 pm
Location: England
Contact:

Re: $_GET and $_POST to $ variables

Post by Peter Kelly »

I believe you have upgraded your XAMPP to a newer version of PHP. By default in newer versions of PHP register_globals is disabled this is the function that would have turned the variables from $_GET to just $. PHP does not advise enabling this feature as it is soon to be deprecated and can pose great security risks. The best solution in terms of security would be to go through each page and manually fix it. But then you have to think of cost etc depending how big this Intranet itself is.
Mince
Forum Commoner
Posts: 25
Joined: Mon Aug 03, 2009 9:36 am

Re: $_GET and $_POST to $ variables

Post by Mince »

It works, thanks guys! And thanks for the advice on the security risk, etc, we'll have to discuss it sometime soon.

Have a good one! :drunk:
Marinus
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: $_GET and $_POST to $ variables

Post by Jonah Bron »

The extract method.

http://php.net/extract
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: $_GET and $_POST to $ variables

Post by John Cartwright »

Let me just say, don't do it! An ugly work-around would be

Code: Select all

$expectedParams = array(
   'header_id' => isset($_GET['header_id']) ? $_GET['header_id'] : null   
);

extract($expectedParams);
The point is, you NEVER want to allow variables to be dynamically injected. It is far better to define which variables you will allow into the global namespace, even though it is not ideal.
Post Reply