Re: [PHP] Re: Need Help with register_globals OFF
Thanks for the tips, Justin. Sounds like a good idea. Do you, or anyone, know if the $_POST vars stay defined even after moving on to another page? Do I also need to unset $_POST after passing the vars each time? From: [EMAIL PROTECTED] (Justin French) Newsgroups: php.general Date: Sat, 03 Aug 2002 15:46:57 +1000 To: Monty [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [PHP] Re: Need Help with register_globals OFF Anyone want to share any tips on how to deal with form vars passed to a script with register_globals turned off? Do you simply refer to them directly with $_GET['var'] or do you initialize vars locally that contain all the $_GET vars? Well I usually choose to POST forms, not GET them, but yeah, I just deal with the vars as $_POST['var']. If I'm referencing the vars a LOT, I make regular $vars out of each element in the POST array: $myvar = $_POST['myvar']; If there's a lot of them, I do it with a foreach loop... something like: ? foreach($_POST as $key = $value) { $$key = $value; } ? ...will do the trick. It achieves the same as register_globals, but only from one source, the POST array. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Need Help with register_globals OFF
Well, I just upgraded a number of PHP scripts to function with register_globals turned off, and now better understand what's required to work with variables more securely. I wanted to share that the extract() command turned out to be a big help. Using it meant I didn't have to put $_POST[' '] around every variable passed by a form. Instead, I put one or both of these lines of code at the beginning of scripts that use forms or receive vars passed via the URL: extract($_POST); extract($_GET); extract() creates local variables using the 'key' and 'value' from the $_POST or $_GET arrays. I even discovered it works with multidimensional arrays that may be passed by forms. In that case, if I have an array named formvar that collects all data from the form (i.e., $formvar['name'], $formvar['address'], etc.), then I use extract this way: extract($_POST['formvar']); This will create local variables named $name and $address that contain the values passed from the form. Here's where you can find more about this function: http://www.php.net/manual/en/function.extract.php One thing to remember is that if you put extract() in a custom function (which I did initially), it won't really work because the variables are created only within the scope of the function, so, as soon as it returns to the script, the vars it created are released. Monty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Need Help with register_globals OFF
on 03/08/02 3:35 PM, Monty ([EMAIL PROTECTED]) wrote: Well, to answer my own question, I found a decent tutorial on using sessions with the new register_globals off here: http://www.wdvl.com/Authoring/Languages/PHP/Maintaining_state/session_variab les.html Anyone want to share any tips on how to deal with form vars passed to a script with register_globals turned off? Do you simply refer to them directly with $_GET['var'] or do you initialize vars locally that contain all the $_GET vars? Well I usually choose to POST forms, not GET them, but yeah, I just deal with the vars as $_POST['var']. If I'm referencing the vars a LOT, I make regular $vars out of each element in the POST array: $myvar = $_POST['myvar']; If there's a lot of them, I do it with a foreach loop... something like: ? foreach($_POST as $key = $value) { $$key = $value; } ? ...will do the trick. It achieves the same as register_globals, but only from one source, the POST array. Justin Justin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php