AMEN!  I PERSONALLY DO NOT consider it a PIA to have to access the variables
via $HTTP_POST... What I USUALLY do is something like this:

$fldform_var1 = $HTTP_POST_VARS['form_var1'];
etc.

This way, I'm GUARANTEED that I got the variable FROM the location that I was
expecting.  Then, I refer throughout the rest of the script to $fldform_var1.

Ok, also, another thing.  People have been saying that "We can't turn off
register_globals because it would require teaching arrays and stuff before we
should be getting to them."  Bull... ALL you have to do is say "If you wish to
access the data from the form field titled my_name, you MUST do $my_name =
$HTTP_POST_VARS['my_name']."  That's it.  The student does NOT need to know at
that time that $HTTP_POST_VARS is an array.  You can get to that later.

On Sun, 29 Jul 2001 18:25:52 -0700, [EMAIL PROTECTED] (Zeev Suraski) wrote:

>What you ignored completely are three facts:
>- register_globals=on leads to insecure code, which was demonstrated time 
>and time again in the past.
>- Once it's off, we're going to provide methods of accessing variables 
>which are just as easy, and quite easier in case you access them from 
>functions.  Having form variables register as global variables is not the 
>11th commandment, and it's kind of odd to see people treat it as such.
>- E_NOTICE is a runtime issue, one which you would have to check under all 
>possible paths in your logic.  That's why leaving security stuff to runtime 
>is always never a good idea.  Setting register_globals to off gives you 
>development-time security.
>
>Zeev
>
[...first part of original message deleted...]
>>The suggestion to turn off register_globals by default is an extremely
>>bad one. It would make using PHP nothing short of a pain in the ass,
>>break vast amounts of code, and not improve a whole lot.  I _LIKE_ that
>>I can GET or POST to a page, and the variables will still come from the
>>right place.
[...rest of message deleted...]
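
An added example, not part of either message and not code from the PHP project: it contrasts a script that relies on register_globals with one that copies each expected field explicitly from the POST array, as described in the reply above. The request data, the `password_ok()` helper and the function names are constructed for illustration, and `extract()` stands in for register_globals=on so the script runs on current PHP.

```php
<?php
// Constructed request: the form only has a "password" field, but the
// client also sent an extra "authorized" field.
$request = ['password' => 'wrong-guess', 'authorized' => '1'];

// Hypothetical password check shared by both versions.
function password_ok($password) {
    return hash_equals('s3cret-constructed', (string) $password);
}

// Style 1: register_globals=on. Every request field becomes a variable
// before the script body runs (simulated here with extract()).
function page_with_register_globals(array $request) {
    extract($request);
    if (password_ok($password)) {
        $authorized = true;
    }
    // $authorized is never initialised by the script, so a value supplied
    // in the request survives to this point and decides the outcome.
    return !empty($authorized);
}

// Style 2: register_globals=off. Each expected field is copied from the
// POST array by name; anything else in the request is ignored.
function page_with_explicit_access(array $post_vars) {
    $fldpassword = isset($post_vars['password']) ? $post_vars['password'] : '';
    $authorized = false; // initialised by the script, not by the request
    if (password_ok($fldpassword)) {
        $authorized = true;
    }
    return $authorized;
}

echo "register_globals style grants access: ";
var_dump(page_with_register_globals($request));
echo "explicit access style grants access: ";
var_dump(page_with_explicit_access($request));
```

The first function only fails when an unexpected field happens to be sent, which is the runtime-only exposure the quoted message describes; the second is safe by construction regardless of what the request contains.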

