Re: How is this possible?

On Wed, Oct 28, 2009 at 1:27 PM, tedd <tedd@xxxxxxxxxxxx> wrote:
> Hi gang:
>
> I am reviewing some old code (circa 2003) where the programmer had one
> script call another and placed variable values in the URL, like so:
>
>    <a href="user_edit.php?user_id=5223&action=edit">
>
> That seems innocent enough. However, in the called script (i.e.,
> "user_edit.php") there are no:
>
>    $user_id = $_GET['user_id'];
>    $action = $_GET['action'];
>
> statements to populate the variables, yet the variables get populated with
> the values sent!?!
>
> How did he do that?
>
> Incidentally, he did have in the .htaccess file the statement:
>
>   php_flag register_globals 1
>
> So I figure that Globals have something to do with it, but I never use
> Globals. And if I print_r $GLOBALS, I find that user_id and action are
> listed (many times), but I don't see how that works.
>
> Furthermore, something got changed and the entire script no longer works. So
> I'm in a quandary to figure this out -- any ideas, suggestions, references?
>
> Thanks,
>
> tedd
>

That's exactly what register_globals does. It's analogous to
prepending your scripts with this:

<?php

extract($_GET);
extract($_POST);
extract($_COOKIE);
extract($_SESSION);

?>

(The order would be determined by the ini directive variables_order)

Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
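
Added example, not part of the original thread: register_globals was removed in PHP 5.4, so a script such as user_edit.php has to read its inputs explicitly. The code below replaces the implicit import with a declared, validated allowlist. The helper read_request(), the 'view' action and the sample arrays are assumptions made for illustration.

```php
<?php
// Added example: explicit, allowlisted replacement for register_globals-style
// input. read_request() is a hypothetical helper, not part of PHP.

/**
 * Return only the parameters declared in $spec, each validated.
 * Unlike extract($_GET), undeclared keys are ignored and nothing is
 * written into the caller's variable scope.
 */
function read_request(array $source, array $spec): array
{
    $clean = [];
    foreach ($spec as $name => $rule) {
        $raw = $source[$name] ?? null;
        $clean[$name] = null;
        // Missing values and arrays (e.g. ?user_id[]=1) are rejected.
        if (!is_string($raw)) {
            continue;
        }
        if ($rule === 'int') {
            // Positive integers only; anything else fails validation.
            $value = filter_var($raw, FILTER_VALIDATE_INT,
                ['options' => ['min_range' => 1]]);
            if ($value !== false) {
                $clean[$name] = $value;
            }
        } elseif (is_array($rule) && in_array($raw, $rule, true)) {
            // Allowlist of accepted literal values.
            $clean[$name] = $raw;
        }
    }
    return $clean;
}

// The two parameters the legacy link passes; the 'view' action is assumed.
$spec = ['user_id' => 'int', 'action' => ['edit', 'view']];

// Constructed sample input standing in for $_GET. 'is_admin' is not
// declared in $spec, so it never reaches the script's variables.
$sample = ['user_id' => '5223', 'action' => 'edit', 'is_admin' => '1'];
$in = read_request($sample, $spec);
var_dump($in);

// Constructed malformed input: both fields fail validation.
var_dump(read_request(['user_id' => '52x3', 'action' => 'delete'], $spec));

if ($in['user_id'] === null || $in['action'] === null) {
    http_response_code(400);
    exit('Bad request');
}
```

In the real script, pass $_GET in place of $sample and use $in['user_id'] and $in['action'] where the old code relied on $user_id and $action.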


