
$_GET and $_POST to $ variables

Posted: Tue Mar 01, 2011 2:51 am
by Mince
Hi all

The company I am working for has numerous systems which are used in an intranet. We have recently decided to upgrade to a newer version of XAMPP. There have been a few changes necessary, but there is one problem which I cannot seem to fix. Many pages require a variable to work, for example $heading_id. Now this variable is a get variable which is sent through like this for example:

Code:

container.php?whattodo=testpage.php&heading_id=1

Now as you can see, everything is sent through a container.

Now my problem is that on most pages, $heading_id (or whichever necessary variable) is required, but the original programmer does not do a $_REQUEST or $_GET anywhere on the page. This leads me to believe that somewhere in the container he has a function which changes $_GET etc variables into $ variables. Does such a function exist? I have spent many hours sifting through the code but cannot find it anywhere!

Thanks in advance
Marinus

Re: $_GET and $_POST to $ variables

Posted: Tue Mar 01, 2011 3:29 am
by DigitalMind
register_globals = On (php.ini)
but I wouldn't suggest you use it. It's insecure.

Re: $_GET and $_POST to $ variables

Posted: Tue Mar 01, 2011 4:05 am
by Peter Kelly
I believe you have upgraded your XAMPP to a newer version of PHP. By default in newer versions of PHP, register_globals is disabled; this is the function that would have turned the variables from $_GET to just $. PHP does not advise enabling this feature as it is soon to be deprecated and can pose great security risks. The best solution in terms of security would be to go through each page and manually fix it. But then you have to think of cost etc., depending on how big this intranet itself is.

Re: $_GET and $_POST to $ variables

Posted: Tue Mar 01, 2011 7:11 am
by Mince
It works, thanks guys! And thanks for the advice on the security risk, etc, we'll have to discuss it sometime soon.

Have a good one!
Marinus

Re: $_GET and $_POST to $ variables

Posted: Tue Mar 01, 2011 11:44 am
by Jonah Bron
The extract method.

http://php.net/extract

Re: $_GET and $_POST to $ variables

Posted: Tue Mar 01, 2011 11:55 am
by John Cartwright
Let me just say, don't do it! An ugly work-around would be

Code:

// Allow-list: only the parameters this page expects are read from $_GET
$expectedParams = array(
   'header_id' => isset($_GET['header_id']) ? $_GET['header_id'] : null
);

// Import just those keys as local variables
extract($expectedParams);

The point is, you NEVER want to allow variables to be dynamically injected. It is far better to define which variables you will allow into the global namespace, even though it is not ideal.
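
The difference between importing every request key (what register_globals or a bare extract($_GET) does) and importing an allow-list, as an added example that is not code from any poster in this thread. The names $isAdmin, import_all() and import_expected() are hypothetical, and the request arrays are constructed sample input standing in for $_GET.

```php
<?php
// Added example (not from the thread). $isAdmin and both function names are
// hypothetical; the arrays passed in are constructed stand-ins for $_GET.

// Emulates register_globals / extract($_GET): every request key becomes a variable.
function import_all(array $query): array
{
    $isAdmin = false;      // internal state the page set before the import
    extract($query);       // default EXTR_OVERWRITE lets a request key replace it
    return array(
        'heading_id' => isset($heading_id) ? $heading_id : null,
        'isAdmin'    => $isAdmin,
    );
}

// Allow-list import: only named parameters are read, each one is validated,
// and existing variables are never replaced.
function import_expected(array $query): array
{
    $isAdmin = false;
    $expected = array(
        // heading_id must be a positive integer; anything else becomes null
        'heading_id' => filter_var(
            isset($query['heading_id']) ? $query['heading_id'] : null,
            FILTER_VALIDATE_INT,
            array('options' => array('min_range' => 1))
        ) ?: null,
    );
    extract($expected, EXTR_SKIP);   // EXTR_SKIP leaves already-defined variables alone
    return array('heading_id' => $heading_id, 'isAdmin' => $isAdmin);
}

// Constructed request: the expected parameter plus a key the page never asked for.
$query = array('heading_id' => '1', 'isAdmin' => '1');

// Compare what each import strategy leaves in $isAdmin and $heading_id.
var_dump(import_all($query));
var_dump(import_expected($query));

// Constructed request with a non-numeric heading_id, to show the validation path.
var_dump(import_expected(array('heading_id' => 'abc')));
```

For the migration discussed above, the same allow-list can live once in container.php so that each included page receives only the variables it declares.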