Jump to content

Register Global - in search of a replacement


MCrosbie

Recommended Posts

Hi all.

My server emailed me today telling me the following:
" Currently PHP Register Globals is set to ON across our entire network of servers and will be changed to OFF. "

I don't exactly know what this means. I use alot of address bar variables via $_GET e.g. the id of a page will dictate it's content mypage.php?id=100923 the id of the page would be 100923. Would this still work? I really have no idea what affect this will have and my server are not being cooperative with their responses.

How would one drop the need for Register Globals to be set as ON?

Thanks for your help!

Michael
Link to comment
Share on other sites

if you want to make your pages safe, putting variable code near the top of each page fixes all problems.
For instance if a form is getting submitted, go to the page that it is getting submitted to, and prepare them all
Like they should be done anyway

$variable1 = $_GET['variable1']
$variable2= $_GET['variable2']
if your not sure whether they are coming from get or post, or your not That good at php yet, to know which is which, then for each variable put
if ($_GET['variablename']) {
$variablename = $_GET['variablename'];
}elseif ($_POST['variablename']) {
$variablename = $_POST['variablename'];
}
and do that for each variable it'll solve most of your register global problems.
Link to comment
Share on other sites

You also need to check they exist before you try to use them.

[code=php:0]
$variable1 = $_GET['variable1']
[/code]

Will produce a warning if $_GET['variable1'] does not exist. Use...

[code=php:0]
$variable1 = ($_GET['variable1']) ? $_GET['variable1'] : "";
[/code]

to be safe.
Link to comment
Share on other sites

hi. yes, as lots of others have mentioned, using $_GET/$_POST (and properly checking for them) is what you must do. but i think people kind of skipped to step C and forgot about point B.

since your register_globals is set to ON, when you pass a variable through your addressbar like

[b]index.php?id=123 [/b]

you can access it by simply doing something like this:

[b]echo $id;[/b]

well when they turn register_globals OFF, you can no longer do that. when you pass a variable through the address bar like above, you now have to access it like this:

[b]echo $_GET['id'];[/b]

same thing with posted variables from forms.  with register_globals set to ON, when you had a form and had a text input tag called name='blah' and you click submit, you can then access in your processing script by simply using $blah.  Well now you have to use $_POST['blah'] or $_GET['blah'] depending on your form's method. 

$_POST and $_GET are arrays.  treat them like arrays, because that's what they are.  They are arrays of your variables passed to your next script from forms or address bars or whatever, and each array element 's name is the name of your variable.

$_POST['variablename']

from here, you can then go back to the previous posts as far as checking to make sure they exist/are legit/convert them back to regular $variablename for your coding pleasure. 



Link to comment
Share on other sites

Wow. You guys outdid yourselves. So, as long as I use $_GET,$_POST, $_REQUEST and define where the variable is coming from everything will work? And also this verification of all the variables, is there a way you can do this by not adding extra code for each $_GET, $_POST, $_REQUEST you have in your code? Is this what obsidians code was trying to achieve?
Link to comment
Share on other sites

There's also the [url=http://www.php.net/extract]extract()[/url] function, which does the same thing as obsidian's loop. It cam do more, so read the manual page.

[code]<?php
if (!empty($_POST)) extract($_POST);
if (!empty($_GET)) extract($_GET);
?>[/code]

But, I would get used to using the explicit $_POST and/or $_GET refereneces (as well as $_SESSION). It make life a lot easier when you come back to code after havning not seen it for a few months.

Of course after validating the user input, you would probably not use $_GET['xxx'] or $_POST['xxx'], but a reference to the validation array you've filled.

Ken
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.