On Jan 10, 2008 4:41 PM, Jochem Maas <jochem@xxxxxxxxxxxxx> wrote:
> Eric Butera wrote:
> > On Jan 10, 2008 4:00 PM, Stut <stuttle@xxxxxxxxx> wrote:
> >> Eric Butera wrote:
> >>> Haha. Thank you for all that insightful research. Seriously though,
> >>> using globals you might already be in hell! =\
> >> IMHO global variables are evil in the same way that register_globals
> >> were. Despite everything you've probably heard it is actually possible
> >> to create a secure site with register_globals enabled, but it needs to
> >> be done with due care and attention. The same goes for globals. They are
> >> not inherently evil but they are easily abused so you need to be careful
> >> when you use them.
> >>
> >> -Stut
> >>
> >> --
> >> http://stut.net/
> >>
> >
> > Stut,
> >
> > That is all well and fine and I agree with you on some level. The
> > only problem is that this is the php-general list and as such I try
> > and put red flags on things to help others realize sooner than I did
> > the pro/con list of things.
>
> if you can follow Stut's advice regarding globals then it's a good thing,
> if you're very good at what you do you'll know when it's *acceptable* to
> take a little short cut and use a global (most people have one or two of those
> little projects that have to be up and running in no time where a global
> or two helps shave some undesired time and complexity from the project)
>
> > Register globals makes working with request data extremely easy.
>
> really? if you see $_POST['foo'] you know where it came from,
> if you see $foo you can't be sure it's a request var ... in the most
> extreme case it could be a var declared in an auto_prepend_file.

$foo is fewer characters than $_POST['foo'], so yes it is easier to type. I didn't say it was right, I just said it made it easier. Anytime you see id= in a url or name= in a form just throw a $ sign in front of it and you're in business. I guarantee you a starting user will get that faster than $_GET and $_POST. Someone just coming at this isn't going to understand the difference between request types or the fact that a form can even have both of them in the method. :)

>
> of course if you know absolutely nothing about php it makes it easier - but
> in the long run (same the 5 or 10 minutes it takes to read up on request superglobals)
> it's an accident waiting to happen.

I never said it wasn't.

>
> > At
> > the same time it also makes it where GPC collisions and whatnot can
> > really burn you in the end. For the overwhelming majority of users it
> > causes more problems than it solves which is why it is going away.....
> > someday.
> >
>

--
PHP General Mailing List (http://www.php.net/)
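Added illustration, not part of the thread or any poster's code: the GPC collision and the "where did $foo come from" problem discussed above, next to the explicit-superglobal form. register_globals no longer exists in current PHP, so emulate_register_globals() is a hypothetical stand-in for it, the $loggedInAsAdmin parameter is an assumed result of a server-side login check, and the request values are constructed.

```php
<?php
// Added example, not code from the thread. emulate_register_globals() is a
// hypothetical stand-in for the removed register_globals setting: it merges
// request sources into one scope in variables_order, later sources winning.
function emulate_register_globals(array $sources, string $order = 'GPC'): array
{
    $scope = [];
    foreach (str_split($order) as $letter) {
        foreach ($sources[$letter] ?? [] as $name => $value) {
            $scope[$name] = $value; // silent overwrite: this is the GPC collision
        }
    }
    return $scope;
}

// "Before": the script trusts whatever variables appear in scope.
function legacy_page(array $sources, bool $loggedInAsAdmin): array
{
    extract(emulate_register_globals($sources)); // $id, $is_admin come from the request
    if ($loggedInAsAdmin) {
        $is_admin = true; // the only assignment the author wrote
    }
    return ['id' => $id ?? null, 'admin' => !empty($is_admin)];
}

// "After": every value names its source and the flag is initialised by the script.
function explicit_page(array $get, bool $loggedInAsAdmin): array
{
    $is_admin = $loggedInAsAdmin;
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT); // int, or false if invalid
    return ['id' => $id, 'admin' => $is_admin];
}

// Constructed request: "id" arrives by GET, POST and cookie at once, and the
// POST body carries a name the script never expected to receive.
$sources = [
    'G' => ['id' => '42'],
    'P' => ['id' => '7', 'is_admin' => '1'],
    'C' => ['id' => '1000'],
];

var_dump(legacy_page($sources, false));
var_dump(explicit_page($sources['G'], false));
```

In the legacy path the cookie's id replaces the GET and POST values and the request-supplied is_admin is treated as true; the explicit path reads only the GET id and ignores the extra field.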