I found the answer, as my second post on this said.

Why unset the globals?

I plan on implementing filters on all user input to ALL scripts in the prepend file.
And if someone wants to get a variable that was supplied by a user, they have to
specify if it's going to be INT, STR (with options to remove run-on spaces, validate
email addr, remove carriage returns to prevent embedded email directives), 'NUM' type
with formatting like in databases, and also, anti SQL injection escaping is possible.
The programmer will HAVE to choose which filtering, but strip tags is automatic. I'm
not going to have XSS holes or SQL injection on my site.


Justin Patrin wrote:

You can't unset $_REQUEST. All it does is unset the reference to it in
the current context. It still exists elsewhere. If you *really* want
to get rid of $_REQUEST, you should do it this way:

unset($GLOBALS['_REQUEST']);

But I would advise against that. Why exactly are you unsetting a superglobal?

On Thu, 15 Jul 2004 15:00:15 -0700, Dennis Gearon <[EMAIL PROTECTED]> wrote:

I have a function in a class that unsets the superglobal $_REQUEST;

Well, it's supposed to, it doesn't do it. I'm on version 4.2.3 of PHP. This page:

       
http://us2.php.net/manual/en/language.variables.predefined.php#language.variables.superglobals

says that $_REQUEST is a super global as of version 4.1.0. Is there some bug I don't 
know about or am I doing something wrong?

Here's the code:

<?PHP
$_REQUEST["var1"]="\"><script>script stuff</script>";
$_REQUEST["var2"]="a_string_of_course";
$_REQUEST["arr1"]["elem1"]="<script>script stuff2</script>";
$_REQUEST["arr1"]["elem2"]="another_string_of_course";

if( !defined('TEST_UNSET') ){
   define('TEST_UNSET', TRUE);

   class abstract_environment{
       var $_REQUEST;
       function abstract_environment(){
               $this->_REQUEST=$_REQUEST;
               unset( $_REQUEST );
               echo("unset was done");
               $this->_clean_all_vars();
       }
       function _clean_all_vars(){
       //ADD OTHER PROCESSING AS NEEDED
               $this->_strip_tags_arr( $this->_REQUEST );
       }
       function _strip_tags_arr( &$arr_or_solo ){
               if( isset($arr_or_solo) ){
                       if( !is_array($arr_or_solo) ){
                               $arr_or_solo= strip_tags($arr_or_solo);
                       } else {
                               reset ($arr_or_solo);
                               while (list($key, ) = each ($arr_or_solo)) {
                                       if( isset($arr_or_solo[$key]) ){
                                               if( is_array($arr_or_solo[$key]) ){
                                                       $this->_strip_tags_arr($arr_or_solo[$key]);
                                               } else {
                                                       $arr_or_solo[$key] = strip_tags($arr_or_solo[$key]);
                                               }
                                       }
                               }
                       }
               }
       }

   }
}
$abs_env=new abstract_environment;
echo "<pre>";
print_r($_REQUEST);
print_r( $abs_env );
echo "</pre>";
?>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
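
The typed-accessor filter described in the reply at the top of this thread, sketched as an added example for current PHP (8.0+); it is not code from either poster. The class name RequestInput, its method names, and the sample input are assumptions made for illustration. It takes the input array as a constructor argument rather than unsetting a superglobal.

```php
<?php
// Added example: typed accessors over a private copy of request input.
// RequestInput and its methods are hypothetical names, not from the thread.
final class RequestInput
{
    public function __construct(private array $raw) {}

    // Integer within [$min, $max], or null when missing or malformed.
    public function int(string $key, int $min = PHP_INT_MIN, int $max = PHP_INT_MAX): ?int
    {
        $v = $this->raw[$key] ?? null;
        if (!is_string($v)) return null;
        $n = filter_var($v, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => $min, 'max_range' => $max]]);
        return $n === false ? null : $n;
    }

    // Single-line string: tags stripped, CR/LF/NUL removed, space runs collapsed.
    public function str(string $key, int $maxLen = 255): ?string
    {
        $v = $this->raw[$key] ?? null;
        if (!is_string($v)) return null;   // rejects nested arrays such as arr1[elem1]
        $v = strip_tags($v);
        $v = str_replace(["\r", "\n", "\0"], '', $v);
        $v = trim(preg_replace('/ {2,}/', ' ', $v));
        return strlen($v) <= $maxLen ? $v : null;
    }

    // E-mail address: same single-line cleanup, then syntax validation.
    public function email(string $key): ?string
    {
        $v = $this->str($key, 254);
        if ($v === null) return null;
        $ok = filter_var($v, FILTER_VALIDATE_EMAIL);
        return $ok === false ? null : $ok;
    }
}

// Constructed sample input, modelled on the test values in the post.
$in = new RequestInput([
    'var1' => "\"><script>script stuff</script>",
    'id'   => '42',
    'mail' => "user@example.com\r\nBcc: other@example.com",
    'arr1' => ['elem1' => 'x'],
]);
var_dump($in->str('var1'), $in->int('id', 1, 1000), $in->email('mail'), $in->str('arr1'));
```

The 'mail' sample shows why removing carriage returns is paired with validation: the cleaned value is a single line but is no longer a valid address, so the accessor returns null.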
