Jump to content


Photo

Register Global - in search of a replacement


  • Please log in to reply
12 replies to this topic

#1 MCrosbie

MCrosbie
  • Members
  • PipPipPip
  • Advanced Member
  • 36 posts

Posted 26 September 2006 - 12:26 PM

Hi all.

My server emailed me today telling me the following:
" Currently PHP Register Globals is set to ON across our entire network of servers and will be changed to OFF. "

I don't exactly know what this means. I use alot of address bar variables via $_GET e.g. the id of a page will dictate it's content mypage.php?id=100923 the id of the page would be 100923. Would this still work? I really have no idea what affect this will have and my server are not being cooperative with their responses.

How would one drop the need for Register Globals to be set as ON?

Thanks for your help!

Michael

#2 steveclondon

steveclondon
  • Members
  • PipPipPip
  • Advanced Member
  • 161 posts

Posted 26 September 2006 - 01:09 PM

yes if you use $_GET or $_POST or $_REQUEST it will all still work.

#3 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 26 September 2006 - 02:30 PM

if you want to make your pages safe, putting variable code near the top of each page fixes all problems.
For instance if a form is getting submitted, go to the page that it is getting submitted to, and prepare them all
Like they should be done anyway

$variable1 = $_GET['variable1']
$variable2= $_GET['variable2']
if your not sure whether they are coming from get or post, or your not That good at php yet, to know which is which, then for each variable put
if ($_GET['variablename']) {
$variablename = $_GET['variablename'];
}elseif ($_POST['variablename']) {
$variablename = $_POST['variablename'];
}
and do that for each variable it'll solve most of your register global problems.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#4 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 26 September 2006 - 02:43 PM

You also need to check they exist before you try to use them.

$variable1 = $_GET['variable1']

Will produce a warning if $_GET['variable1'] does not exist. Use...

$variable1 = ($_GET['variable1']) ? $_GET['variable1'] : "";

to be safe.

#5 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 26 September 2006 - 02:46 PM

$variable1 = ($_GET['variable1']) ? $_GET['variable1'] : "";

WHat does that mean?

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#6 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 26 September 2006 - 02:49 PM

Its the same as...

if ($_GET['variable1']) {
  $variable = $_GET['variable1'];
} else {
  $variable = "";
}


#7 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 26 September 2006 - 04:01 PM

You should use isset. Dont use GET/POST on its own when checking whether they exist or not:
$variable1 = (isset($_GET['variable1']) && !empty($_GET['variable1'])) ? $_GET['variable1'] : "";


#8 obsidian

obsidian
  • Staff Alumni
  • Advanced Member
  • 3,202 posts
  • LocationSeattle, WA

Posted 26 September 2006 - 04:06 PM

you could go one step further and just auto assign all the $_GET and $_POST variables for the pages that assume register_globals to be on:
<?php
foreach ($_REQUEST as $key => $val) $$key = $val;
?>

You can't win, you can't lose, you can't break even... you can't even get out of the game.

<?php
while (count($life->getQuestions()) > 0)
{   $life->study(); } ?>
  LINKS: PHP: Manual MySQL: Manual PostgreSQL: Manual (X)HTML: Validate It! CSS: A List Apart | IE bug fixes | Zen Garden | Validate It! JavaScript: Reference Cards RegEx: Everything RegEx

#9 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 26 September 2006 - 04:12 PM

hi. yes, as lots of others have mentioned, using $_GET/$_POST (and properly checking for them) is what you must do. but i think people kind of skipped to step C and forgot about point B.

since your register_globals is set to ON, when you pass a variable through your addressbar like

index.php?id=123

you can access it by simply doing something like this:

echo $id;

well when they turn register_globals OFF, you can no longer do that. when you pass a variable through the address bar like above, you now have to access it like this:

echo $_GET['id'];

same thing with posted variables from forms.  with register_globals set to ON, when you had a form and had a text input tag called name='blah' and you click submit, you can then access in your processing script by simply using $blah.  Well now you have to use $_POST['blah'] or $_GET['blah'] depending on your form's method. 

$_POST and $_GET are arrays.  treat them like arrays, because that's what they are.  They are arrays of your variables passed to your next script from forms or address bars or whatever, and each array element 's name is the name of your variable.

$_POST['variablename']

from here, you can then go back to the previous posts as far as checking to make sure they exist/are legit/convert them back to regular $variablename for your coding pleasure. 




Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#10 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 26 September 2006 - 04:18 PM

Hay C-V MCrosbie was already doing that. MCrosbie used $_GET to access the variables from the url as said in the first post of the thread by the OP. Thats why every skipped step B :D

#11 MCrosbie

MCrosbie
  • Members
  • PipPipPip
  • Advanced Member
  • 36 posts

Posted 26 September 2006 - 09:06 PM

Wow. You guys outdid yourselves. So, as long as I use $_GET,$_POST, $_REQUEST and define where the variable is coming from everything will work? And also this verification of all the variables, is there a way you can do this by not adding extra code for each $_GET, $_POST, $_REQUEST you have in your code? Is this what obsidians code was trying to achieve?

#12 obsidian

obsidian
  • Staff Alumni
  • Advanced Member
  • 3,202 posts
  • LocationSeattle, WA

Posted 27 September 2006 - 01:24 AM

yes, what my code is doing is pulling all the variables from the $_REQUEST array (which contains both $_GET and $_POST variables inside it), and it is creating individual variables for each on of the elements in that array.
You can't win, you can't lose, you can't break even... you can't even get out of the game.

<?php
while (count($life->getQuestions()) > 0)
{   $life->study(); } ?>
  LINKS: PHP: Manual MySQL: Manual PostgreSQL: Manual (X)HTML: Validate It! CSS: A List Apart | IE bug fixes | Zen Garden | Validate It! JavaScript: Reference Cards RegEx: Everything RegEx

#13 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 27 September 2006 - 05:25 AM

There's also the extract() function, which does the same thing as obsidian's loop. It cam do more, so read the manual page.

<?php
if (!empty($_POST)) extract($_POST);
if (!empty($_GET)) extract($_GET);
?>

But, I would get used to using the explicit $_POST and/or $_GET refereneces (as well as $_SESSION). It make life a lot easier when you come back to code after havning not seen it for a few months.

Of course after validating the user input, you would probably not use $_GET['xxx'] or $_POST['xxx'], but a reference to the validation array you've filled.

Ken




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users