Re: Re: [PHP-DB] php4 to php5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Greg Bowser wrote:
Sounds like you're talking about the register_globals functionality. It's a
php.ini setting that will cause $_POST['foo'] or $_GET['foo'] to be copied
to the global variable $foo. This is somewhat of a security risk, thus
disabled by default.

There's another superglobal array that you might find useful: $_REQUEST.
$_REQUEST consists of variables from $_GET,$_POST,$_COOKIE (in that order, I
believe).

Here is a snippet from my php.ini file

; This directive describes the order in which PHP registers GET, POST, Cookie,
; Environment and Built-in variables (G, P, C, E & S respectively, often
; referred to as EGPCS or GPC).  Registration is done from left to right, newer
; values override older values.
variables_order = "GPCS"

Get -> Post -> Cookie -> Session

With the latter overwriting the previous.


http://us3.php.net/manual/en/reserved.variables.php

http://us3.php.net/manual/en/ini.core.php#ini.register-globals

--GREG

On Thu, Apr 3, 2008 at 6:40 PM, ioannes <ioannes@xxxxxxxxxxxxxx> wrote:

I suppose I am behind the time in migrating from php4 to 5.  That said, my
main problem is getting variables recognised.  I can see how to do it - you
need to identify all the variables that could be sent from the page and then
assign a name, as in $myvar=$_GET['myvar'] and ditto for POST variables if
any.  Is there a function to convert all get and post variables to $_GET and
$_POST, or is that a security concern?  The further I have got is this:

function php5($var) {
  if(ISSET($_POST[$var])&&$_POST[$var]<>"") {
      $newvar=$_POST[$var];
  } else {
      $newvar=$_GET[$var];
  }
  return $newvar;
}

$input_variable=php5('input_variable');

however I would like to do this for all variable, I tried iterating
through the $_GET and $_POST arrays but could not get it to work.

Anyway the main reason I am writing is:

- where the web page form uses the POST method, but there are parameters
in the URL after the ? sign, these 'get' parameters seem to stay there when
you submit the form from eg <input type=submit> button.  So, let's say the
script will add a line if addlines=y, if before you submit the form you have
?addline=y in the URL you will continue to add lines according to the script
even though there is no hidden variable on the page called 'addline',
because every time you submit the form with POST you have addline=y in the
URL - if the script looks at GET variables then this will feed into the
script.  This does not seem to happen with php4 - if the page does not
submit an 'addline' variable from a form field, it will not feed into the
script.  So what's the rationale for that (the URL submitting the variables)
and what is the usual solution?  The problem arises on this particular page
because of a mix of buttons, some are javascript and send the addline=y with
onClick.

John


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





--
Jim Lucas

   "Some men are born to greatness, some achieve greatness,
       and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
    by William Shakespeare


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux