Jump to content

$_POST['var']

jandrews3

By jandrews3
in PHP Coding Help

 Share

Recommended Posts

jandrews3 Regular Member

jandrews3

Posted
Posted

I think I've done a big booboo. My VPS has register globals on, and I've written all of my <form> coding such that the variables pass to the next page without hassle. I've moved one of my sites off of the VPS to another host who apparently doesn't have register globals on. I have to rewrite ALL the code to include $var = $_POST['var'] on any page receiving a form posting, don't I?

Link to comment
Share on other sites
Zane Prolific Member

Zane

Posted
Posted

yep, that's what you get for coding with register_globals on and exactly why it's bad practice...

congratulations you've learned something first hand.

 

you could always just put this at the top of every single script you have

extract($_REQUEST);

 

then it would be just as insecure as if your were using register_globals...although..only for those modified pages.  Would be like a "register_globals" patch

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Considering that register_globals were turned off by default over 7 years ago in php4.2 and have been completely removed in php6; that any code, books, and tutorials that relied on them should have disappeared long ago (7 years in computer/programming time is like a couple of decades in human time); that all the older php programmers stopped using them several years ago; that any new php programmer should not even know how to write code that relies on them; I don't see what the issue is. You knew sooner or later that you would need to rewrite any code that relied on them to make it secure and make it work without register_globals being on. You have just reached the point where sooner or later met now.

Link to comment
Share on other sites
Zane Prolific Member

Zane

Posted
Posted

really... 

$var = $_POST['var']

should never really be used.

 

all you're doing is making an exact copy of an already existing completely useful variable.

Now something like 

$var = (!is_null($_POST['var'])) ? $_POST['var'] : null;

I guess you could say that's acceptable since you're actually doing more than just copying the variable.  $var then serves a purpose.

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

You enjoyed that, didn't you.

Actually, no, I don't enjoy writing about the same old problem over and over and over... We should not be seeing posts in php programming help forums 7 years after something was changed for security reasons where same name variables overwrite each other giving unexpected results or where external variables stop working simply because the code was moved from one server to another or scripts that are broken into because session variables can be changed by setting an external value.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.