Hi All,

I have been a subscriber of php-db for quite some time, and I have seen 
MANY ppl ask why their variables aren't being passed through, etc, due 
to register_globals, etc, blah blah blah

I have kept my eyes open reading all the material I can, and I 
understand the security implications of certain programming actions.

Like most programmers, I am lazy. I prefer to construct functions to do 
the hard work for me. Before the register_globals issue was widespread, 
I loved programming in PHP (compared to ASP), because of the automatic 
passing of variables from page to page (also, referencing undefined 
variables without a hitch). I had some techniques to deal with security, 
and other things, so register_globals = on wasn't such a big deal for me. 
But I acknowledge that if I do contract work for a business, and their 
server is set to

I have set my php.ini to E_ALL and register_globals = off, etc, 
although I don't want to have to do $var = $_GET['var'] for each 
variable I want imported. I have also noted people are using 
$HTTP_GET_VARS['var'] to allow for older php compatibility. But doing 
it this way reminds me too much of ASP.

Now, my question is, has anyone created functions or developed 
techniques to prevent obvious security breaches and also not collapse 
when using E_ALL? I have read somewhere that some people wrote a 
function which would accept an array of variable names (and 
get,post,session flag etc), and globalize all of those variables listed.

Such an example (I imagine) would be something like this:

import_vars( "GET", array('id','var2','name') );

Now I don't think that I would have any troubles writing this sort of a 
function, although I was wondering if anyone had already considered 
this approach, or decided on a better solution. Really, I don't want to 
have to do isset(), etc on all my vars when using them. What I could 
deal with is having one line, where I list all the variables I use on 
the page, and it either imports it or creates an empty string if not 
found (therefore initializing it).

What do you all think of this approach?

PS. Sorry if this is talked about WAY too much on these lists, but I 
think this is a more informative thread for people who know about 
register_globals etc, but want scripting to be easier (and faster) with 
PHP, but still maintaining a good code structure (and sensible 
programming logic).

Adam


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
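
One way the whitelist import described in the message above could look, as an added example that is not part of the original post. The name import_vars() comes from the post; its signature, the array return value and the sample request are assumptions made for illustration.

```php
<?php
// Added example: import_vars() is the hypothetical helper named in the post.
// It copies only the listed names from one request source, so a request
// parameter the script never asked for cannot become a variable.
function import_vars($source, array $names)
{
    // Map the flag onto the superglobals; any other flag is rejected.
    $sources = array(
        'GET'    => $_GET,
        'POST'   => $_POST,
        'COOKIE' => $_COOKIE,
    );
    if (!isset($sources[$source])) {
        throw new InvalidArgumentException("import_vars: unknown source '$source'");
    }
    $input = $sources[$source];

    $out = array();
    foreach ($names as $name) {
        // The whitelist itself must contain plain identifiers only.
        if (!is_string($name) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException('import_vars: bad variable name');
        }
        // Missing values, and values sent as arrays (?name[]=x), become ''
        // so every listed variable is initialized and E_ALL stays quiet.
        $out[$name] = (isset($input[$name]) && is_string($input[$name]))
            ? $input[$name]
            : '';
    }
    return $out;
}

// Constructed sample request standing in for ?id=42&admin=1&name[]=x
$_GET = array('id' => '42', 'admin' => '1', 'name' => array('x'));

$vars = import_vars('GET', array('id', 'var2', 'name'));

// EXTR_SKIP: never overwrite a variable that already exists in this scope.
extract($vars, EXTR_SKIP);

// $id, $var2 and $name are now defined; 'admin' was not listed, so it is not.
var_dump($id, $var2, $name, isset($admin));
```

Importing a value does not validate it: each imported string is still untrusted input and needs checking or escaping before it reaches SQL, HTML or the filesystem.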
