PHP Development
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
 
User Name:
Password:
Remember me
Iron Speed
 
Go Back   Dev Articles Community ForumsProgrammingPHP Development

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Thread Tools Search this Thread Display Modes
 
Unread Dev Articles Community Forums Sponsor:
Free Web 2.0 Code Generator! Generate data entry and reporting .NET Web apps in minutes. Quickly create visually stunning, feature-rich apps that are easy to customize and ready to deploy. Download Now!
  #1  
Old July 18th, 2003, 01:23 AM
laidbak laidbak is offline
you know how we do
Dev Articles Novice (500 - 999 posts)
 
Join Date: Jun 2002
Location: In Tha IE -- San Bernardino COUNTY
Posts: 788 laidbak User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 4 m 2 sec
Reputation Power: 6
Send a message via ICQ to laidbak Send a message via AIM to laidbak Send a message via MSN to laidbak Send a message via Yahoo to laidbak
Register Globals (How It Works)

I've realized that way too many PHP developers just don't understand the register_globals setting.
Here are some notes ( I didn't feel an official article was necessary, so this will have to do ):

1. You can turn on/off register_globals from PHP.INI, .htaccess and httpd.conf using php_value directive, php_flag

2. You can't set register_globals on/off during runtime

3. $_GET, $_POST, $_SESSION, $_COOKIE, etc are called superglobals and are globally accessible. (yes, even from functions).

4. $HTTP_GET_VARS, $HTTP_POST_VARS, etc are predefined variables like the superglobals, yet these are not in the same namespace nor are they globally accessible.

5. Using $varname instead of $_GET['varname'] or $_POST['varname'] can potentially be dangerous to your scripts... but that depends on how you are using them. It isn't necessarily the end of the world if you do, but I suggest you don't. Not just for security, but for compatible, portable, and clean code.


Take a look at a sample I put together just for all those who need a quick pointer in the right direction:

http://www.laidbak.net/phpsample/reg_globals/

In the example you will find two links.
Both are just a list of variables from the $_GET and $HTTP_GET_VARS array's which PHP has predefined at runtime.

One is in a directory where register_globals is turned off, and the other has register_globals on.

Take a look at all the variables, but definately make note of the var_dumps that are highlighted with color. You will notice that there are multiple ways to access this info.

This example helped me to clarify a while ago that using the superglobal array's is a much cleaner way to program in PHP. It was either take the manual's word for it or test it out myself.
__________________
__________________________________________________ _
Wil Moore III, MCP | Integrations Specialist | Senior Consultant
Are You Listed...? | DigitallySmooth Inc.

Reply With Quote
  #2  
Old July 18th, 2003, 07:27 PM
FrankieShakes FrankieShakes is offline
Frank The Tank!
Dev Articles Beginner (1000 - 1499 posts)
 
Join Date: Jun 2002
Location: Toronto, Canada
Posts: 1,246 FrankieShakes User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 7
Send a message via ICQ to FrankieShakes Send a message via MSN to FrankieShakes
Sticky!

This post is worthy of a Sticky! It will help newcomers familiarize themselves with the superglobal arrays.

If anyone has any other tips they feel would merit this discussion (not necessarily related to superglobals), feel free to post!

Helping others improves everyone's skillset, including your own!
__________________
____________________________________________
Developer Shed Weekly Writer | DevArticles Forum Moderator
Build Your Own KlipFolio Klip With PHP
FrankManno.com - Under Construction
Design Interactive Group - Under Construction

Reply With Quote
  #3  
Old July 19th, 2003, 07:53 PM
nicat23's Avatar
nicat23 nicat23 is offline
Addicted to Chaos..
Dev Articles Novice (500 - 999 posts)
 
Join Date: Jan 2003
Location: Ft. Worth, TX
Posts: 653 nicat23 User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 1 h 47 m 52 sec
Reputation Power: 0
Send a message via AIM to nicat23 Send a message via Yahoo to nicat23
Re: Register Globals (How It Works)

Quote:
Originally posted by laidbak
3. $_GET, $_POST, $_SESSION, $_COOKIE, etc are called superglobals and are globally accessible. (yes, even from functions).

You forgot $_SERVER, $_FILES, $_ENV, and $_REQUEST

Here's a good link that has examples of all of the superglobals

http://www.php.net/variables.predefined

Reply With Quote
  #4  
Old July 21st, 2003, 05:57 PM
dfano dfano is offline
Always Learning (I Think)
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Apr 2003
Location: NYC Baby!!!!
Posts: 123 dfano User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 6
Send a message via AIM to dfano Send a message via Yahoo to dfano
stupid question!

do the super globals also work when register_globals is off. so is it good practice to always use them. I think that is what will was saying but i just want to make sure.

thanks

dave

Reply With Quote
  #5  
Old July 21st, 2003, 07:22 PM
avit avit is offline
Not Yet Perfect
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Nov 2002
Location: Squamish, BC
Posts: 111 avit User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 6
Send a message via ICQ to avit
Yes, when register_globals is off you have the superglobal ($_GET, $_POST) and the "old" server variable ($HTTP_GET_VARS, $HTTP_POST_VARS) arrays.

The only thing you don't get with register_globals turned off, are automatically extracted variables coming in from GET and POST. (e.g. $_POST[userid] doesn't automatically show up as $userid. And this is a good thing, because you want to control where such variables can come from.

Sure, register_globals sounds convenient, but it comes at a price. A simplistic example:

With register_globals it's possible that a hacker could access your restricted area by injecting variables through the URL. If your script checks for the existence of variables without knowing where they come from, that could mean trouble. For example, accessing yoursite/restricted.php?loggedin=1 would lead to a variable called $loggedin existing in the script. Simply checking if ($loggedin) would be a poor safeguard.

Reply With Quote
  #6  
Old August 18th, 2003, 09:07 PM
digitalamit digitalamit is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Apr 2002
Location: New Delhi, India
Posts: 19 digitalamit User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Send a message via ICQ to digitalamit Send a message via AIM to digitalamit Send a message via Yahoo to digitalamit
And if you wanto extract the variables even when register_globals is off, you can use SafeExtract()

HTH!

Reply With Quote
  #7  
Old September 12th, 2003, 09:42 AM
numbernine numbernine is offline
Up To His Eyes In Ads
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Oct 2002
Location: Chicago
Posts: 160 numbernine User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 1 m 25 sec
Reputation Power: 6
Great post, laidbak! I wish I had seen it about 4 weeks ago

Reply With Quote
  #8  
Old September 12th, 2003, 01:22 PM
laidbak laidbak is offline
you know how we do
Dev Articles Novice (500 - 999 posts)
 
Join Date: Jun 2002
Location: In Tha IE -- San Bernardino COUNTY
Posts: 788 laidbak User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 4 m 2 sec
Reputation Power: 6
Send a message via ICQ to laidbak Send a message via AIM to laidbak Send a message via MSN to laidbak Send a message via Yahoo to laidbak
Yeah, I know how that goes... I've struggled through many issues before realizing I could have just looked up the answer.

Too bad the answer is never available when you are looking for it though.

Reply With Quote
  #9  
Old September 23rd, 2003, 07:59 PM
mytch mytch is offline
Dev Articles Novice (500 - 999 posts)
 
Join Date: Apr 2002
Location: Sydney, Australia
Posts: 589 mytch User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 7
Hey Wil,
Nice work your post definetly sheds light on the globals in PHP. Personally, I think that they've just confused everyone by adding the $_XXX variables and depreciating the $HTTP_POST_VARS (for example) array.

Anyway, just 1 thing that no one has mentioned. For those of you working with older scripts, or trying to run with register_globals off on a newever version of PHP (such as 4.3), you need to declare the older arrays as global if the scope you're using is a function, such as:

<?php

function test()
{
global $HTTP_GET_VARS;
$x = $HTTP_GET_VARS["x"];
echo $x;
}

test();

?>

Make sure you add the "global..." line. This stands true for any of the depreciated arrays such as $HTTP_POST_VARS, $HTTP_SERVER_VARS, etc...

Reply With Quote
  #10  
Old September 23rd, 2003, 11:36 PM
laidbak laidbak is offline
you know how we do
Dev Articles Novice (500 - 999 posts)
 
Join Date: Jun 2002
Location: In Tha IE -- San Bernardino COUNTY
Posts: 788 laidbak User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 4 m 2 sec
Reputation Power: 6
Send a message via ICQ to laidbak Send a message via AIM to laidbak Send a message via MSN to laidbak Send a message via Yahoo to laidbak
Hey Mytch,

Thanks for the feedback.
I should have included that... I guess I left it out because I tend to not use the global statement anywhere in my scripts.

I just grepped a bunch of my code to see if I could really make that claim... yup, I haven't used it anywhere in anything I have on my box at the moment.

Everything I do is without the use of declaring globals of any kind.

A buddy of mine asked me recently how I would get the value of the server's root path into a function... My answer was:
Code:
define('ROOT_DIRECTORY', $_SERVER['DOCUMENT_ROOT']);

function getRoot()
{
  return ROOT_DIRECTORY;
}

print 'Root is : '.getRoot();

Thanks again Mytch...

Reply With Quote
  #11  
Old September 30th, 2003, 12:58 PM
arrowhead arrowhead is offline
Junior Member
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Nov 2002
Location: Kuala Lumpur
Posts: 13 arrowhead User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
in response to the code snipped above on getting the value of a server's root path - why not just:

print 'Root is : ' . $_SERVER['DOCUMENT_ROOT'];

Reply With Quote
  #12  
Old October 1st, 2003, 12:49 AM
laidbak laidbak is offline
you know how we do
Dev Articles Novice (500 - 999 posts)
 
Join Date: Jun 2002
Location: In Tha IE -- San Bernardino COUNTY
Posts: 788 laidbak User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 4 m 2 sec
Reputation Power: 6
Send a message via ICQ to laidbak Send a message via AIM to laidbak Send a message via MSN to laidbak Send a message via Yahoo to laidbak
The main point of the post was to show the scope of a defined constant.

Reply With Quote
  #13  
Old October 1st, 2003, 07:08 AM
dhouston's Avatar
dhouston dhouston is offline
Contributing User
Dev Articles Beginner (1000 - 1499 posts)
 
Join Date: May 2003
Location: Tennessee
Posts: 1,355 dhouston User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 7
Send a message via ICQ to dhouston
Just thought of something else I posted in another thread that probably goes well here too. Though I don't advocate this usage as a common practice, it could help get some people out of a jam. Imagine a scenario in which somebody has to change hosts, and the new host doesn't support register_globals=on, but the code's all written with variables unscoped. As a quick fix to get the site up and running until a code conversion can be done, the following code might come in handy:

PHP Code:
while(list($k,$v)=each($_POST)){
    $
$k=$v//Yes, that's two dollar signs.



It loops through the $_POST array and, for each key, creates a variable whose name corresponds to that key, and assigns the associated value to the new variable.

Again, I think it's important to scope your variables properly if only to make your code legible to other developers, but if you find yourself in a pinch, this might help you out in the short term.

Reply With Quote
  #14  
Old October 2nd, 2003, 09:52 AM
laidbak laidbak is offline
you know how we do
Dev Articles Novice (500 - 999 posts)
 
Join Date: Jun 2002
Location: In Tha IE -- San Bernardino COUNTY
Posts: 788 laidbak User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 4 m 2 sec
Reputation Power: 6
Send a message via ICQ to laidbak Send a message via AIM to laidbak Send a message via MSN to laidbak Send a message via Yahoo to laidbak
In that case why not try:
PHP Code:
 extract(array_merge($_POST,$_GET)); 
This creates a variable for each key in the post and get arrays. You can do this with the cookies array and session array if you like.

Reply With Quote
  #15  
Old April 1st, 2004, 06:25 AM
crudesys crudesys is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Mar 2004
Location: California
Posts: 25 crudesys User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Thumbs up

This is a very helpful thread. thank you and good job

Reply With Quote
  #16  
Old October 15th, 2004, 01:01 PM
ChrisPhp ChrisPhp is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Oct 2004
Posts: 1