James M.
Forum Contributor
Posts: 119 Joined: Wed Mar 31, 2004 6:41 pm
Location: Tallahassee
by James M. » Wed Sep 15, 2004 10:22 pm
I was just wondering why every forum running on PHP I have seen has globals on, yet they tell you that globals aren't secure and you should write your scripts so that they do not require globals to be on?
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
by feyd » Wed Sep 15, 2004 11:10 pm
they were probably written back when globals were on by default...
by James M. » Wed Sep 15, 2004 11:11 pm
Have you seen a forum that doesn't use globals like this one?
by feyd » Wed Sep 15, 2004 11:19 pm
phpbb doesn't use register_globals.
by James M. » Wed Sep 15, 2004 11:20 pm
oh, then what's all that on the links?
by feyd » Wed Sep 15, 2004 11:21 pm
you mean the t= part in:
viewtopic.php?t=26053 ??
that's a url parameter, so it can find the topic you want to read.
by James M. » Wed Sep 15, 2004 11:23 pm
yea, i thought you could only do that with globals on. i should look into that for an early site i made that uses url parameters so i don't have to re-write everything
markl999
DevNet Resident
Posts: 1972 Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)
by markl999 » Wed Sep 15, 2004 11:23 pm
Globals would be using $t in viewtopic.php as opposed to using $_GET['t']
by James M. » Wed Sep 15, 2004 11:26 pm
hehehe, i forgot all about using $_GET[]. makes sense now
m3mn0n
PHP Evangelist
Posts: 3548 Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada
by m3mn0n » Wed Sep 15, 2004 11:27 pm
Yeah, register_globals OFF doesn't mean you can't use the GET method. You just access it by $_GET, like mark stated.
The security improvement is if you use POST, you won't have people faking variables via GET and screwing with your site.
by James M. » Wed Sep 15, 2004 11:34 pm
Thanks, that makes my job so much easier. It takes so long to make workarounds.
dethron
Forum Contributor
Posts: 370 Joined: Sat Apr 27, 2002 11:39 am
Location: Istanbul
by dethron » Thu Sep 16, 2004 4:36 am
And then using $_REQUEST[] is the same as using register_globals ON, in terms of security. Right?
timvw
DevNet Master
Posts: 4897 Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium
by timvw » Thu Sep 16, 2004 4:44 am
imho it's not. because if you don't put anything yourself in $_REQUEST you know it's coming from the mean world
thus at least you know $nice_world exists
by dethron » Thu Sep 16, 2004 5:25 am
nice point
well, besides this fact (which you mentioned), is there any other advantage of using $_REQUEST instead of using register_globals ON?
John Cartwright
Site Admin
Posts: 11470 Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
by John Cartwright » Thu Sep 16, 2004 6:14 am
Yes there are several advantages, but the fact remains you should always code with register globals off.
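The difference between `$t` and `$_GET['t']` discussed in the thread, as an added example that is not part of any post: `extract()` stands in for register_globals (the directive was removed in PHP 5.4), and the function names, the `is_moderator` parameter and the sample request are constructed for illustration.

```php
<?php
// Added illustration; function names and the request below are constructed.
// In a real script the array passed in would be $_GET.

// Stand-in for register_globals=On: every request parameter becomes a
// plain variable before the script's own logic runs.
function view_topic_globals_style(array $query): string
{
    extract($query);                      // what the directive did implicitly
    $topic = isset($t) ? (int) $t : 0;    // the "$t" style from the thread
    // $is_moderator is never initialised here, so a request parameter of
    // the same name decides which branch runs.
    if (!empty($is_moderator)) {
        return "topic $topic (moderator view)";
    }
    return "topic $topic (normal view)";
}

// register_globals=Off style: request data stays inside the array it
// arrived in, and script state is initialised by the script itself.
function view_topic_superglobal_style(array $query): string
{
    $is_moderator = false;                // set only by server-side logic
    $topic = filter_var(
        $query['t'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($topic === false) {
        return 'invalid topic id';
    }
    return $is_moderator
        ? "topic $topic (moderator view)"
        : "topic $topic (normal view)";
}

// Constructed request: viewtopic.php?t=26053&is_moderator=1
$query = ['t' => '26053', 'is_moderator' => '1'];

echo view_topic_globals_style($query), PHP_EOL;
echo view_topic_superglobal_style($query), PHP_EOL;
echo view_topic_superglobal_style(['t' => 'not-a-number']), PHP_EOL;
```

The same separation holds for `$_REQUEST`: its contents are still untrusted and still need validating, but they cannot silently replace a variable the script relies on.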