[SOLVED] forums have globals on, why?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
James M.
Forum Contributor
Posts: 119
Joined: Wed Mar 31, 2004 6:41 pm
Location: Tallahassee

forums have globals on, why?

Post by James M. »

I was just wondering why every forum running on php I have seen has globals on yet they tell you that globals aren't secure and you should write your sciprts so that they do not require globals to be on?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

they were probably written back when globals were on be default...
User avatar
James M.
Forum Contributor
Posts: 119
Joined: Wed Mar 31, 2004 6:41 pm
Location: Tallahassee

Post by James M. »

Have you seen a forum that doesnt use globals like this one?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

phpbb doesn't use register_globals.
User avatar
James M.
Forum Contributor
Posts: 119
Joined: Wed Mar 31, 2004 6:41 pm
Location: Tallahassee

Post by James M. »

oh, then whats all that on the links?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

you mean the t= part in: viewtopic.php?t=26053 ??

that's a url parameter, so it can find the topic you want to read.
User avatar
James M.
Forum Contributor
Posts: 119
Joined: Wed Mar 31, 2004 6:41 pm
Location: Tallahassee

Post by James M. »

yea, i thought you could only do that with globals on. i should look into that for an early site i made that uses url parameters so i dont have 2 re-write everything
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Globals would be using $t in viewtopic.php as opposed to using $_GET['t'] ;)
User avatar
James M.
Forum Contributor
Posts: 119
Joined: Wed Mar 31, 2004 6:41 pm
Location: Tallahassee

Post by James M. »

hehehe, i forgot all about using $_GET[]. makes sense now
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Yeah, register_globals OFF doesn't mean you can't use the GET method. You just access it by $_GET, like mark stated.

The security improvement is if you use POST, you won't have people faking variables via GET and screwing with your site.
User avatar
James M.
Forum Contributor
Posts: 119
Joined: Wed Mar 31, 2004 6:41 pm
Location: Tallahassee

Post by James M. »

Thanks, that makes my job so much easier. It takes so long to make work arounds.
User avatar
dethron
Forum Contributor
Posts: 370
Joined: Sat Apr 27, 2002 11:39 am
Location: Istanbul

Post by dethron »

And then using $_REQUEST[] is the same as using register_globals ON, in terms of security. Right?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

imho it's not. because if you don't put anything yourself in $_REQUEST you know it's coming from the mean world ;)

thus at least you know $nice_world exists :)
User avatar
dethron
Forum Contributor
Posts: 370
Joined: Sat Apr 27, 2002 11:39 am
Location: Istanbul

Post by dethron »

:) nice point ;)
well, beside of this fact (that is mentioned by you.), is there any other advantage of using $_REQUEST instead of using register_globals ON?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Yes there are several advantages, but the fact remains you should always code with register globals off.
Post Reply