On Tuesday 12 September 2006 01:16, Zbigniew Szalbot wrote: > Hello again, > > Can I ask a general question? One of the website that we have built was > constructed using register globals. Thanks to that we set the language for > browsing the website by determining user's browser language and then also > (I think) it is used to remember some other choices users make while on > the website (especially the language for browsing). > > Anyway, our ISP asks us to stop using register globals. They are right. We > should. However, the programmer we have been using to help us, insists > that without register globals on, we will have to revert to using cookies. > This - he claims - is not an option because if a user blocks cookies, site > as such will become useless (many options on the website are a consequence > of setting the language first). > > I thought I would ask your opinion before we make any decision. Is it > really so that without register globals, such things as displaying > information from databases based on the initial choice of languages is not > an option? I am not a programmer so I just need general guidance. > > Thank you very much in advance! Your programmer is (a) lying (b) completely and totally clueless (c) both. (Choose one.) In any vaguely recent version of PHP, you get five super-global array variables: $_GET - any parameters passed in the GET string. $_POST - any parameters passed in the body of a POST query. $_REQUEST - The two above merged. I forget which takes precedence. $_COOKIE - Any values sent by the browser as a cookie. $_SESSION - Any values that you have saved to the session array, which is (usually) persisted on the client's browser as a session cookie. All register globals does is take the contents of those arrays and dump them into the global namespace. (Again, I forget off hand what the precedence is.) You can very easily simulate register globals (which you should never do) with: for ($_REQUEST as $key => $value) $GLOBALS[$$key] = $value; for ($_COOKIE as $key => $value) $GLOBALS[$$key] = $value; Disabling register globals does not in any way keep you from using cookies. Of course, 90% of the time if you're using cookies, you REALLY mean to be using a session instead. Remembering a user's setting, such as what language they want, is a text-book example of where you want to be using sessions. Register globals is not required for that in any way shape or form. It may well be the case that refactoring your code to not depend on register globals will be difficult, time consuming, or annoying. That's quite possible. But that has nothing to do with cookies. Nor is there any way for you to persist data between page loads using register globals in the first place. Your programmer is full of it. As for a user disabling cookies, my honest opinion is that it's fucking 2006, if someone is so paranoid that they're blocking on-site session cookies then they shouldn't be allowed to use a web browser in the first place. :-) -- Larry Garfield AIM: LOLG42 larry@xxxxxxxxxxxxxxxx ICQ: 6817012 "If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it." -- Thomas Jefferson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
