PHP Development
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
 
User Name:
Password:
Remember me
 



Go Back   Dev Articles Community ForumsProgrammingPHP Development

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Thread Tools Search this Thread Display Modes
 
Unread Dev Articles Community Forums Sponsor:
  #1  
Old July 18th, 2003, 01:23 AM
digitallysmooth digitallysmooth is offline
you know how we do
Dev Articles Novice (500 - 999 posts)
 
Join Date: Jun 2002
Posts: 785 digitallysmooth User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 34 m 21 sec
Reputation Power: 13
Register Globals (How It Works)

I've realized that way too many PHP developers just don't understand the register_globals setting.
Here are some notes ( I didn't feel an official article was necessary, so this will have to do ):

1. You can turn on/off register_globals from PHP.INI, .htaccess and httpd.conf using php_value directive, php_flag

2. You can't set register_globals on/off during runtime

3. $_GET, $_POST, $_SESSION, $_COOKIE, etc are called superglobals and are globally accessible. (yes, even from functions).

4. $HTTP_GET_VARS, $HTTP_POST_VARS, etc are predefined variables like the superglobals, yet these are not in the same namespace nor are they globally accessible.

5. Using $varname instead of $_GET['varname'] or $_POST['varname'] can potentially be dangerous to your scripts... but that depends on how you are using them. It isn't necessarily the end of the world if you do, but I suggest you don't. Not just for security, but for compatible, portable, and clean code.


Take a look at a sample I put together just for all those who need a quick pointer in the right direction:

http://www.laidbak.net/phpsample/reg_globals/

In the example you will find two links.
Both are just a list of variables from the $_GET and $HTTP_GET_VARS array's which PHP has predefined at runtime.

One is in a directory where register_globals is turned off, and the other has register_globals on.

Take a look at all the variables, but definately make note of the var_dumps that are highlighted with color. You will notice that there are multiple ways to access this info.

This example helped me to clarify a while ago that using the superglobal array's is a much cleaner way to program in PHP. It was either take the manual's word for it or test it out myself.
__________________
__________________________________________________ _
Wil Moore III, MCP | Integrations Specialist | Senior Consultant
Are You Listed...? | DigitallySmooth Inc.

Reply With Quote
  #2  
Old July 18th, 2003, 07:27 PM
FrankieShakes FrankieShakes is offline
Frank The Tank!
Dev Articles Beginner (1000 - 1499 posts)
 
Join Date: Jun 2002
Location: Toronto, Canada
Posts: 1,240 FrankieShakes User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 14
Send a message via ICQ to FrankieShakes Send a message via MSN to FrankieShakes
Sticky!

This post is worthy of a Sticky! It will help newcomers familiarize themselves with the superglobal arrays.

If anyone has any other tips they feel would merit this discussion (not necessarily related to superglobals), feel free to post!

Helping others improves everyone's skillset, including your own!
__________________
____________________________________________
Developer Shed Weekly Writer | DevArticles Forum Moderator
Build Your Own KlipFolio Klip With PHP
FrankManno.com - Under Construction
Design Interactive Group - Under Construction

Reply With Quote
  #3  
Old July 19th, 2003, 07:53 PM
nicat23's Avatar
nicat23 nicat23 is offline
Addicted to Chaos..
Dev Articles Novice (500 - 999 posts)
 
Join Date: Jan 2003
Location: Ft. Worth, TX
Posts: 650 nicat23 User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 1 h 48 m 34 sec
Reputation Power: 0
Send a message via AIM to nicat23 Send a message via Yahoo to nicat23
Re: Register Globals (How It Works)

Quote:
Originally posted by laidbak
3. $_GET, $_POST, $_SESSION, $_COOKIE, etc are called superglobals and are globally accessible. (yes, even from functions).

You forgot $_SERVER, $_FILES, $_ENV, and $_REQUEST

Here's a good link that has examples of all of the superglobals

http://www.php.net/variables.predefined

Reply With Quote
  #4  
Old July 21st, 2003, 05:57 PM
dfano dfano is offline
Always Learning (I Think)
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Apr 2003
Location: NYC Baby!!!!
Posts: 123 dfano User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 12
Send a message via AIM to dfano Send a message via Yahoo to dfano
stupid question!

do the super globals also work when register_globals is off. so is it good practice to always use them. I think that is what will was saying but i just want to make sure.

thanks

dave

Reply With Quote
  #5  
Old July 21st, 2003, 07:22 PM
avit avit is offline
Not Yet Perfect
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Nov 2002
Location: Squamish, BC
Posts: 111 avit User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 12
Send a message via ICQ to avit
Yes, when register_globals is off you have the superglobal ($_GET, $_POST) and the "old" server variable ($HTTP_GET_VARS, $HTTP_POST_VARS) arrays.

The only thing you don't get with register_globals turned off, are automatically extracted variables coming in from GET and POST. (e.g. $_POST[userid] doesn't automatically show up as $userid. And this is a good thing, because you want to control where such variables can come from.

Sure, register_globals sounds convenient, but it comes at a price. A simplistic example:

With register_globals it's possible that a hacker could access your restricted area by injecting variables through the URL. If your script checks for the existence of variables without knowing where they come from, that could mean trouble. For example, accessing yoursite/restricted.php?loggedin=1 would lead to a variable called $loggedin existing in the script. Simply checking if ($loggedin) would be a poor safeguard.

Reply With Quote
  #6  
Old September 12th, 2003, 09:42 AM
numbernine numbernine is offline
Up To His Eyes In Ads
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Oct 2002
Location: Chicago
Posts: 160 numbernine User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 1 m 25 sec
Reputation Power: 13
Great post, laidbak! I wish I had seen it about 4 weeks ago

Reply With Quote
  #7  
Old September 12th, 2003, 01:22 PM
digitallysmooth digitallysmooth is offline
you know how we do
Dev Articles Novice (500 - 999 posts)
 
Join Date: Jun 2002
Posts: 785 digitallysmooth User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 34 m 21 sec
Reputation Power: 13
Yeah, I know how that goes... I've struggled through many issues before realizing I could have just looked up the answer.

Too bad the answer is never available when you are looking for it though.

Reply With Quote
  #8  
Old September 23rd, 2003, 07:59 PM
mytch mytch is offline
Dev Articles Novice (500 - 999 posts)
 
Join Date: Apr 2002
Location: Sydney, Australia
Posts: 588 mytch User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 13
Hey Wil,
Nice work your post definetly sheds light on the globals in PHP. Personally, I think that they've just confused everyone by adding the $_XXX variables and depreciating the $HTTP_POST_VARS (for example) array.

Anyway, just 1 thing that no one has mentioned. For those of you working with older scripts, or trying to run with register_globals off on a newever version of PHP (such as 4.3), you need to declare the older arrays as global if the scope you're using is a function, such as:

<?php

function test()
{
global $HTTP_GET_VARS;
$x = $HTTP_GET_VARS["x"];
echo $x;
}

test();

?>

Make sure you add the "global..." line. This stands true for any of the depreciated arrays such as $HTTP_POST_VARS, $HTTP_SERVER_VARS, etc...

Reply With Quote
  #9  
Old September 23rd, 2003, 11:36 PM
digitallysmooth digitallysmooth is offline
you know how we do
Dev Articles Novice (500 - 999 posts)
 
Join Date: Jun 2002
Posts: 785 digitallysmooth User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 34 m 21 sec
Reputation Power: 13
Hey Mytch,

Thanks for the feedback.
I should have included that... I guess I left it out because I tend to not use the global statement anywhere in my scripts.

I just grepped a bunch of my code to see if I could really make that claim... yup, I haven't used it anywhere in anything I have on my box at the moment.

Everything I do is without the use of declaring globals of any kind.

A buddy of mine asked me recently how I would get the value of the server's root path into a function... My answer was:
Code:
define('ROOT_DIRECTORY', $_SERVER['DOCUMENT_ROOT']);

function getRoot()
{
  return ROOT_DIRECTORY;
}

print 'Root is : '.getRoot();

Thanks again Mytch...

Reply With Quote
  #10  
Old September 30th, 2003, 12:58 PM
arrowhead arrowhead is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Nov 2002
Location: Kuala Lumpur
Posts: 13 arrowhead User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
in response to the code snipped above on getting the value of a server's root path - why not just:

print 'Root is : ' . $_SERVER['DOCUMENT_ROOT'];

Reply With Quote
  #11  
Old October 1st, 2003, 12:49 AM
digitallysmooth digitallysmooth is offline
you know how we do
Dev Articles Novice (500 - 999 posts)
 
Join Date: Jun 2002
Posts: 785 digitallysmooth User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 34 m 21 sec
Reputation Power: 13
The main point of the post was to show the scope of a defined constant.

Reply With Quote
  #12  
Old October 1st, 2003, 07:08 AM
dhouston's Avatar
dhouston dhouston is offline
Contributing User
Dev Articles Beginner (1000 - 1499 posts)
 
Join Date: May 2003
Location: Tennessee
Posts: 1,355 dhouston User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 13
Send a message via ICQ to dhouston
Just thought of something else I posted in another thread that probably goes well here too. Though I don't advocate this usage as a common practice, it could help get some people out of a jam. Imagine a scenario in which somebody has to change hosts, and the new host doesn't support register_globals=on, but the code's all written with variables unscoped. As a quick fix to get the site up and running until a code conversion can be done, the following code might come in handy:

PHP Code:
while(list($k,$v)=each($_POST)){
    $
$k=$v//Yes, that's two dollar signs.



It loops through the $_POST array and, for each key, creates a variable whose name corresponds to that key, and assigns the associated value to the new variable.

Again, I think it's important to scope your variables properly if only to make your code legible to other developers, but if you find yourself in a pinch, this might help you out in the short term.

Reply With Quote
  #13  
Old October 2nd, 2003, 09:52 AM
digitallysmooth digitallysmooth is offline
you know how we do
Dev Articles Novice (500 - 999 posts)
 
Join Date: Jun 2002
Posts: 785 digitallysmooth User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 34 m 21 sec
Reputation Power: 13
In that case why not try:
PHP Code:
 extract(array_merge($_POST,$_GET)); 
This creates a variable for each key in the post and get arrays. You can do this with the cookies array and session array if you like.

Reply With Quote
  #14  
Old April 1st, 2004, 06:25 AM
crudesys crudesys is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Mar 2004
Location: California
Posts: 25 crudesys User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Thumbs up

This is a very helpful thread. thank you and good job

Reply With Quote
  #15  
Old October 15th, 2004, 01:01 PM
ChrisPhp ChrisPhp is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Oct 2004
Posts: 1 ChrisPhp User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Lightbulb PHP 4.3.x with IIS 5.1

Developers FYI : I tried IIS 5.1 with P 4.3.1 using isapi, and variables posted on the page never worked. I changed the port on IIS to a different one (ie: 8080) and voila, it worked!. Anybody knows if this can be worked without changing the port. I tried everyting (dif combinations): registering globals on INI, tryed $_POST['var'], $_GET['var'], $_REQUEST['var'] etc... and nothing retreived the values or echoed them. Only when I changed the Port IIS worked fine.

I understand Apache and Xitami work well with PHP and don't have this problems. By the way I am using XP service pack 2.

Regards to list.

Quote:
Originally Posted by laidbak
In that case why not try:
PHP Code:
 extract(array_merge($_POST,$_GET)); 
This creates a variable for each key in the post and get arrays. You can do this with the cookies array and session array if you like.

Reply With Quote
  #16  
Old November 16th, 2004, 02:28 PM
Uare Uare is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Nov 2004
Location: BC, Canada
Posts: 9 Uare User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Exclamation Using Depreciated Code

I have sometimes needed to use outdated code that has register globals turned on... For one reason or another the files were mixed with files that used the $_REQUEST format.
Security wan't an issue as this part of the system was in an intranet and the old files all loaded a common include file. So we found out that we could turn on register globals during run-time with
PHP Code:
 ini_set('register_globals''on');
import_request_variables("cpg"); 

I would not recomend this in most cases but it may prove helpful to others.
Kyle
http://www.transparen.com

Reply With Quote
  #17  
Old April 24th, 2005, 02:44 AM
Itsacon's Avatar
Itsacon Itsacon is offline
Command Line Warrior
Click here for more information
 
Join Date: Aug 2004
Location: Sector ZZ9 Plural Z Alpha
Posts: 1,030 Itsacon User rank is Lance Corporal (50 - 100 Reputation Level)Itsacon User rank is Lance Corporal (50 - 100 Reputation Level)Itsacon User rank is Lance Corporal (50 - 100 Reputation Level)  Folding Points: 2966446 Folding Title: Super Ultimate Folder - Level 6Folding Points: 2966446 Folding Title: Super Ultimate Folder - Level 6Folding Points: 2966446 Folding Title: Super Ultimate Folder - Level 6Folding Points: 2966446 Folding Title: Super Ultimate Folder - Level 6Folding Points: 2966446 Folding Title: Super Ultimate Folder - Level 6Folding Points: 2966446 Folding Title: Super Ultimate Folder - Level 6Folding Points: 2966446 Folding Title: Super Ultimate Folder - Level 6Folding Points: 2966446 Folding Title: Super Ultimate Folder - Level 6Folding Points: 2966446 Folding Title: Super Ultimate Folder - Level 6Folding Points: 2966446 Folding Title: Super Ultimate Folder - Level 6
Time spent in forums: 1 Week 12 h 39 m 36 sec
Reputation Power: 12
Send a message via ICQ to Itsacon
Also remember, that the availability of the 'long' arrays like $HTTP_POST_VARS[] also depends on the 'register_long_arrays' setting in php.ini.

The only really sure way nowadays are the $_POST, etc superglobals.

As for populating the 'normal' variables yourself, you'll still have to check whether the variable is set before you use it, so I prefer to have sections like this at the start of code that uses post/get data:
PHP Code:
if(isset($_POST['var1']))
    
$var1 $_POST['var1'];
else
    
$var1 "";         #####    Set default value

if(isset($_GET['var2']))
    
$var2 $_GET['var2'];
else
    
$var2 0;         #####    Set default value 


This way, you're always sure the variable is set with a legal value, saving a lot of checking later on.
__________________
This is my code. Is it not nifty?

"The biggest problem encountered while trying to design a system that was completely foolproof, was, that people tended to underestimate the ingenuity of complete fools."
---Douglas Adams


Join the Itsacon fanclub!    
Zero Tolerance: Spammers banned so far: 592

Reply With Quote
  #18  
Old April 26th, 2007, 09:55 AM
HalitYesil HalitYesil is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Apr 2007
Posts: 4 HalitYesil User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 1 h 20 m 54 sec
Reputation Power: 0
Your script include top

PHP Code:
function deepSlash($var$a 'add'){
        if(
is_array($var)){
            @ 
reset($var);
            while(list(
$k,$v) = each($var)) $out[$k] = deepSlash($v$a);
        }else if(
$a == 'strip'$out addslashes($v); else $out stripslashes($v);
        return 
$out;
    }
    
    if((bool)
ini_get('register_globals')) ini_set('register_globals''off');
    
    if(
get_magic_quotes_gpc()){
        
$_POST deepSlash($_POST);
        
$_GET deepSlash($_GET);
        
$_REQUEST deepSlash($_REQUEST);
        
$_COOKIE deepSlash($_COOKIE);
    } 

Reply With Quote
  #19  
Old November 8th, 2011, 07:55 PM
Kie4baa5haec Kie4baa5haec is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Nov 2011
Posts: 1 Kie4baa5haec User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 9 m 32 sec
Reputation Power: 0
Thanks for the feedback.
I should have included that... I guess I left it out because I tend to not use the global statement anywhere in my scripts.

I just grepped a bunch of my code to see if I could really make that claim... yup, I haven't used it anywhere in anything I have on my box at the moment.

Everything I do is without the use of declaring globals of any kind

Reply With Quote
Reply

Viewing: Dev Articles Community ForumsProgrammingPHP Development > Register Globals (How It Works)


Developer Shed Advertisers and Affiliates


Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.

© 2003-2014 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap