Re: Register Globals=ON

HarryG wrote:
> Which process is better to use in PHP?
>
> Having register_globals=on and referring to variables as if($name){} or
> using $_GET & $_POST statements like if(isset($_GET['name']))?
>
> What is the main advantage/disadvantage in both cases?

The only advantage in register_globals = ON is a slight convenience factor
in using: $foo instead of $_GET['foo'].

The disadvantages include:
#1: Major security issue.  This is documented with a clear-cut example at:
http://us3.php.net/register_globals
Read this page, and re-read this page, and keep asking questions until you
COMPLETELY understand the issue.

#1a: It's possible that you're a PERFECT programmer and would never write
code like this...  But then you go installing that PHP forum, or database
abstraction class, or enhanced (cough, cough) email sending class or ...
and you have to rely on the OTHER guy being a perfect programmer...  Not
gonna happen, my friend.  Turn register_globals OFF.

#2: Your code should be self-documenting in terms of WHERE the variables
come from.  $foo tells me nothing about where it came from. $_GET['foo']
tells me it came from the URL after the ? with a ?foo=xxx.  $_POST['foo']
tells me it came from a form with some kind of INPUT tag with NAME="foo"
(or possibly NAME="foo[]" or even NAME="foo[index]").  You can even use
$_REQUEST['foo'] to indicate that your script happily accepts either POST
or GET data.

#3: I've never seen it measured, but I suppose there is some
infinitesimally small performance advantage to register_globals = OFF,
since then PHP doesn't have to loop through and set all the values... 
This is a non-issue unless you are passing a *TON* of variables through
HTTP, which is probably a Bad Idea (tm) in the first place.

-- 
Like Music?
http://l-i-e.com/artists.htm
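
The security issue from point #1, as an added example that is not part of the original message or of the PHP manual. register_globals was removed in PHP 5.4, so its effect is emulated here with extract(); is_authenticated(), both check_* functions and the $query array are hypothetical names and constructed data.

```php
<?php
// Hypothetical login check: this visitor has NOT authenticated.
function is_authenticated(): bool
{
    return false;
}

// Behaviour with register_globals = On: every request parameter is
// turned into a plain variable before the script's own code runs.
function check_with_register_globals(array $query): bool
{
    extract($query);            // emulates what register_globals did implicitly

    if (is_authenticated()) {
        $authorized = true;
    }
    // $authorized is never initialised on the failure path, so a request
    // parameter with the same name supplies its value.
    return !empty($authorized);
}

// Behaviour with register_globals = Off: request data stays inside the
// array, and the flag gets an explicit default the request cannot touch.
function check_with_superglobals(array $query): bool
{
    $authorized = false;        // explicit initialisation

    if (is_authenticated()) {
        $authorized = true;
    }
    // Request values are only reachable by naming their source,
    // e.g. $query['name'] (standing in for $_GET['name']).
    return $authorized;
}

// Constructed stand-in for $_GET on a request like ?name=harry&authorized=1
$query = ['name' => 'harry', 'authorized' => '1'];

var_dump(check_with_register_globals($query));
var_dump(check_with_superglobals($query));
```

The first call reports the unauthenticated visitor as authorized because the request set the flag; the second does not, since the flag is initialised in code and request data is only read by explicit key.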
