Re: uh oh, I defined a resource


On Jan 10, 2008 4:41 PM, Jochem Maas <jochem@xxxxxxxxxxxxx> wrote:
> Eric Butera schreef:
> > On Jan 10, 2008 4:00 PM, Stut <stuttle@xxxxxxxxx> wrote:
> >> Eric Butera wrote:
> >>> Haha.  Thank you for all that insightful research.  Seriously though,
> >>> using globals you might already be in hell!  =\
> >> IMHO global variables are evil in the same way that register_globals
> >> were. Despite everything you've probably heard it is actually possible
> >> to create a secure site with register_globals enabled, but it needs to
> >> be done with due care and attention. The same goes for globals. They are
> >> not inherently evil but they are easily abused so you need to be careful
> >> when you use them.
> >>
> >> -Stut
> >>
> >> --
> >> http://stut.net/
> >>
> >
> > Stut,
> >
> > That is all well and fine and I agree with you on some level.  The
> > only problem is that this is the php-general list and as such I try
> > and put red flags on things to help others realize sooner than I did
> > the pro/con list of things.
>
> if you can follow Stut's advice regarding globals then it's a good thing,
> if you're very good at what you do you'll know when it's *acceptable* to
> take a little short cut and use a global (most people have one or two of those
> little projects that have to be up and running in no time where a global
> or two helps shave some undesired time and complexity from the project)
>
> > Register globals makes working with request data extremely easy.
>
> really? if you see $_POST['foo'] you know where it came from,
> if you see $foo you can't be sure it's a request var ... in the most
> extreme case it could be a var declared in an auto_prepend_file.

$foo is fewer characters than $_POST['foo'], so yes it is easier to
type.  I didn't say it was right, I just said it made it easier.
Anytime you see id= in a url or name= in a form just throw a $ sign in
front of it and you're in business.  I guarantee you a starting user
will get that faster than $_GET and $_POST.  Someone just coming at
this isn't going to understand the difference between request types or
the fact that a form can even have both of them in the method. :)

>
> of course if you know absolutely nothing about php it makes it easier - but
> in the long run (same the 5 or 10 minutes it takes to read up on request superglobals)
> it's an accident waiting to happen.

I never said it wasn't.

>
>
> > At
> > the same time it also makes it where GPC collisions and whatnot can
> > really burn you in the end.  For the overwhelming majority of users it
> > causes more problems than it solves which is why it is going away.....
> > someday.
>
>
>
> >
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
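
Added example, not part of any message in this thread: the provenance problem and the GPC collisions discussed above, shown in PHP. register_globals was removed in PHP 5.4, so its import step is emulated here; the function names `import_globals` and `find_collisions` and the request values are constructed for illustration.

```php
<?php
// Added illustration, not code from the thread. register_globals was removed
// in PHP 5.4, so its import step is emulated with plain arrays.

// Copy request sources into one flat table in the order given by a
// variables_order-style string; a later source overwrites an earlier one.
function import_globals(string $order, array $sources): array
{
    $vars = [];
    foreach (str_split($order) as $letter) {
        foreach ($sources[$letter] ?? [] as $name => $value) {
            $vars[$name] = $value;
        }
    }
    return $vars;
}

// Report names that arrive from more than one source (GPC collisions).
function find_collisions(array $sources): array
{
    $seen = [];
    foreach ($sources as $letter => $values) {
        foreach (array_keys($values) as $name) {
            $seen[$name][] = $letter;
        }
    }
    return array_filter($seen, fn(array $from): bool => count($from) > 1);
}

// Constructed request: id is sent in the query string, the form body and a cookie.
$sources = [
    'G' => ['id' => '1'],
    'P' => ['id' => '42', 'name' => 'eric'],
    'C' => ['id' => '7'],
];

// The same request yields a different $id depending on configuration.
foreach (['GPC', 'CGP'] as $order) {
    $vars = import_globals($order, $sources);
    printf("variables_order=%s => \$id = %s\n", $order, $vars['id']);
}

// The collision is only visible when the sources are kept apart.
print_r(find_collisions($sources));

// Explicit access keeps provenance: take id from the POST body only, as an integer.
$id = filter_var($sources['P']['id'] ?? null, FILTER_VALIDATE_INT);
var_dump($id);
```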

