Hi All,

I have been a subscriber of php-db for quite some time, and I have seen MANY ppl ask why their variables aren't being passed through, etc, due to register_globals, etc, blah blah blah.

I have kept my eyes open reading all the material I can, and I understand the security implications of certain programming actions. Like most programmers, I am lazy. I prefer to construct functions to do the hard work for me. Before the register_globals issue was widespread, I loved programming in PHP (compared to ASP), because of the automatic passing of variables from page to page (also, referencing undefined variables without a hitch). I had some techniques to deal with security, and other things, so register_globals = on wasn't such a big deal for me. But I acknowledge that if I do contract work for a business, and their server is set to I have set my php.ini to E_ALL and register_globals = off, etc, although I don't want to have to do $var = $_GET['var'] for each variable I want imported. I have also noted people are using $HTTP_GET_VARS['var'] to allow for older PHP compatibility. But doing it this way reminds me too much of ASP.

Now, my question is, has anyone created functions or developed techniques to prevent obvious security breaches and also not collapse when using E_ALL? I have read somewhere that some people wrote a function which would accept an array of variable names (and get, post, session flag etc), and globalize all of those variables listed. Such an example (I imagine) would be something like this:

    import_vars( "GET", array('id','var2','name') );

Now I don't think that I would have any troubles writing this sort of a function, although I was wondering if anyone had already considered this approach, or decided on a better solution. Really, I don't want to have to do isset(), etc on all my vars when using them. What I could deal with is having one line, where I list all the variables I use on the page, and it either imports it or creates an empty string if not found (therefore initializing it).

What do you all think of this approach?

PS. Sorry if this is talked about WAY too much on these lists, but I think this is a more informative thread for people who know about register_globals etc, but want scripting to be easier (and faster) with PHP, but still maintaining a good code structure (and sensible programming logic).

Adam

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
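
One way the whitelist importer described in the message could look, as an added example that is not part of the original post. Only the name import_vars() and the sample call come from the message; the signature, the returned array, the optional $input parameter and the validation rules are assumptions made here.

```php
<?php
// Added example: whitelist importer for request variables.
// import_vars() is named in the post; everything else here (signature,
// return value, validation rules, $input) is assumed for illustration.

function import_vars(string $source, array $names, ?array $input = null): array
{
    // Map the source flag onto a superglobal; anything else is a caller bug.
    $sources = ['GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE];
    if (!isset($sources[$source])) {
        throw new InvalidArgumentException("unknown source: $source");
    }
    $data = $input ?? $sources[$source]; // $input lets the example run offline

    $out = [];
    foreach ($names as $name) {
        // Plain identifiers only. Requiring a leading letter rejects _GET,
        // _SESSION and friends; GLOBALS and this are refused explicitly.
        if (!preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $name)
            || $name === 'GLOBALS' || $name === 'this') {
            throw new InvalidArgumentException("refusing variable name: $name");
        }
        // Missing keys become '' so E_ALL raises no undefined-index notice.
        $value = $data[$name] ?? '';
        // ?var2[]=x arrives as an array; treat non-scalars as missing.
        $out[$name] = is_scalar($value) ? (string) $value : '';
    }
    return $out;
}

// Constructed sample request: "admin" is not whitelisted, "name" is absent,
// and "var2" was sent as an array.
$request = ['id' => '42', 'var2' => ['x'], 'admin' => '1'];
$vars = import_vars('GET', ['id', 'var2', 'name'], $request);

// Import into the current scope without overwriting existing variables.
extract($vars, EXTR_SKIP);

var_dump($id, $var2, $name);
var_dump(isset($admin));
```

Because only the listed names are ever read, a request parameter such as admin never becomes a variable, which is the property register_globals = on lacked. The imported values are still untrusted strings and need validation or escaping where they are used.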