Page 1 of 1
$HTTP_POST_VARS Globals etc...
Posted: Wed Aug 07, 2002 5:49 am
by sinistre
Hey. I'm trying to "clean up" my scripts so that I can turn off "register globals" on my server. Now, do you think this would be an appropriate way of doing it or not? And do you have another way of doing it?
Say the variable xxx is being posted from a page.
Code: Select all
<?php
xxx = $HTTP_POST_VARSї"xxx"];
echo $xxx;
?>
I just think that including $HTTP_POST_VARS... everywhere would contribute to a lot of clutter. I'm not defeating the purpose of turning off the globals (security) by writing my scripts as above am I?
Re: $HTTP_POST_VARS Globals etc...
Posted: Wed Aug 07, 2002 6:02 am
by twigletmac
sinistre wrote:I just think that including $HTTP_POST_VARS... everywhere would contribute to a lot of clutter.
You may want to look into using the
extract() function.
sinistre wrote:I'm not defeating the purpose of turning off the globals (security) by writing my scripts as above am I?
No, because you are using the arrays properly. Using $HTTP_POST_VARS ensures that the data came from a form using the post method and not from a query string parameter. Just the same as using $HTTP_COOKIE_VARS checks that the value came from a cookie and $HTTP_SESSION_VARS that the value is a session variable. If you had PHP version 4.1 or above and started using $_REQUEST (which is a combination of $_GET, $_POST, $_COOKIE, and $_FILES) then you would be nullifying any security benefit of having reg globals off.
You might find some of the stuff in here interesting:
http://www.devnetwork.net/forums/viewto ... c&start=15
Mac
Thank you
Posted: Wed Aug 07, 2002 6:07 am
by sinistre
Thanx Mac.
