With all the problems with having register_global s = on, I propose the
following idea:
We define register_global s_manual = on as a new configuration default.
What this does is enable 3 new explicit variable declaration mechanisms
with the same syntax as the existing static and global mechanisms.
They would be httpget, httppost and session, so for example:
httpget $user_id;
httppost $credit_card;
session $really_importa nt_stuff;
Each of these declaration lines would effectively enable
register_global s for one specific variable in one particular method
(GET, POST or session).
Creative suggestions, comments would be welcome.
--
Spam:newsgroup( at)cr*********@ verisign-sux-klj.com
EMail:<01100011 001011100110001 001110101011100 10011010110
110010101000000 011000110111001 001100001011110 10011011100
110000101110010 001011100110001 101101111011011 0100100000> 50 3775
This sounds like syntactic sugar for something like:
$user_id = $_GET['user_id'];
$credit_card = $_POST['credit_card'];
$really_importa nt_stuff = $_SESSION['really_importa nt_stuff'];
Admittedly, the last example is a bit long, but is that often a problem?
Is there some way to explode elements of an array into the local
namespace of a method?
Still, with all due respect, I can't see the reasoning to this other
than saving a few key strokes.
What's the rationale to this idea? What problem does it solve? Is it
really a problem?
Kind Regards,
Tom L
127.0.0.1 wrote: With all the problems with having register_global s = on, I propose the following idea:
We define register_global s_manual = on as a new configuration default.
What this does is enable 3 new explicit variable declaration mechanisms with the same syntax as the existing static and global mechanisms.
They would be httpget, httppost and session, so for example:
httpget $user_id; httppost $credit_card; session $really_importa nt_stuff;
Each of these declaration lines would effectively enable register_global s for one specific variable in one particular method (GET, POST or session).
Creative suggestions, comments would be welcome.
Tom Lee wrote: This sounds like syntactic sugar for something like:
$really_importa nt_stuff = $_SESSION['really_importa nt_stuff'];
Not quite, it also adds the
$_SESSION['really_importa nt_stuff'] = $really_importa nt_stuff;
at the appropriate point in an exit routine which no longer needs to be
written.
Someone obviously thought register_global s was a good idea - and it is,
get rid of the carte-blanche approach and it is a great idea.
And anything above machine language is all syntactic sugar anyhow ...
why is that a problem ?
--
Spam:newsgroup( at)cr*********@ verisign-sux-klj.com
EMail:<01100011 001011100110001 001110101011100 10011010110
110010101000000 011000110111001 001100001011110 10011011100
110000101110010 001011100110001 101101111011011 0100100000>
127.0.0.1 wrote: With all the problems with having register_global s = on, I propose the following idea:
We define register_global s_manual = on as a new configuration default.
What this does is enable 3 new explicit variable declaration mechanisms with the same syntax as the existing static and global mechanisms.
They would be httpget, httppost and session, so for example:
httpget $user_id; httppost $credit_card; session $really_importa nt_stuff;
Each of these declaration lines would effectively enable register_global s for one specific variable in one particular method (GET, POST or session).
Creative suggestions, comments would be welcome.
IMHO, get rid of regist_globals altogether. ;P
--
Justin Koivisto - sp**@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.
"127.0.0.1" <newsgroup(at)c r*********@veri sign-sux-ijlkl.com> wrote in
message news:s3******** ************@ne ws-server.bigpond. net.au... With all the problems with having register_global s = on, I propose the following idea:
We define register_global s_manual = on as a new configuration default.
What this does is enable 3 new explicit variable declaration mechanisms with the same syntax as the existing static and global mechanisms.
They would be httpget, httppost and session, so for example:
httpget $user_id; httppost $credit_card; session $really_importa nt_stuff;
Each of these declaration lines would effectively enable register_global s for one specific variable in one particular method (GET, POST or session).
Creative suggestions, comments would be welcome.
As much inconvenience as register_global s has caused me personally, I do
believe the world is a safer place because of it being changed. A
programming language often provides shortcuts for programmers and they
partly attract us to that language due to the speed at which we can develop
our applications. However, over time these shortcuts often lead to security
issues or lead us into bad programming style. If the tools to write bad,
insecure code are not there we're less likely to do it.
Paulus
127.0.0.1 wrote: Tom Lee wrote:
This sounds like syntactic sugar for something like:
$really_impor tant_stuff = $_SESSION['really_importa nt_stuff'];
Not quite, it also adds the
$_SESSION['really_importa nt_stuff'] = $really_importa nt_stuff;
at the appropriate point in an exit routine which no longer needs to be written.
References?
$really_importa nt_stuff =& $_SESSION['really_importa nt_stuff'];
Should accomplish the same thing.
Someone obviously thought register_global s was a good idea - and it is, get rid of the carte-blanche approach and it is a great idea.
I think a better approach would be namespace based - ala something like:
httpsession::re ally_important_ stuff;
The current PHP way of doing it is rather similar: it's a hack using
arrays to emulate namespaces.
And PHP 5 won't change the fact that there's no real namespaces in PHP.
How sad.
But I digress.
And anything above machine language is all syntactic sugar anyhow ... why is that a problem ?
It's not so much about why it's a problem as it is about why it's necessary.
IMO, it's not. At least, not for a minor version upgrade. Maybe PHP 5,
but that feature set is largely set in stone afaik.
And even then I think namespaces are a better way to go about it.
There's a greatly reduced chance of variable naming getting in the way.
And as I said, PHP currently (sorta) implements this approach with arrays.
I agree that there's probably nicer ways to go about it syntactically,
but on the level that it's merely saving a few key strokes? I'd rather
take my chances avoiding namespace collisions, thanks.
Justin Koivisto wrote: IMHO, get rid of regist_globals altogether. ;P
Why ?
--
Spam:newsgroup( at)cr*********@ verisign-sux-klj.com
EMail:<01100011 001011100110001 001110101011100 10011010110
110010101000000 011000110111001 001100001011110 10011011100
110000101110010 001011100110001 101101111011011 0100100000>
Paulus Magnus wrote: As much inconvenience as register_global s has caused me personally, I do believe the world is a safer place because of it being changed.
So - any comments on the concept of a modified register_global s ability
?
--
Spam:newsgroup( at)cr*********@ verisign-sux-klj.com
EMail:<01100011 001011100110001 001110101011100 10011010110
110010101000000 011000110111001 001100001011110 10011011100
110000101110010 001011100110001 101101111011011 0100100000>
127.0.0.1 wrote: Justin Koivisto wrote:
IMHO, get rid of regist_globals altogether. ;P
Why ?
Then the facility to be sloppy isn't available. Force everyone to be a
little better coder. Besides, if you _really_ waned to, you can alwas do
something like extract($_REQUE ST) to have (I think) the same effect.
Therefore, in order to be sloppy, you have to go out and try to do it. :P
I used to do everything with register_global s on, and quickly learned
that it's a nightmare to debug when you happen to be using the same
variable name via POST and GET requests. Add that in with having the
variable also stored with COOKIES and a database, and you can see why it
causes more problems - you are never quite sure where the value came from.
My $.02
--
Justin Koivisto - sp**@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.
Tom Lee wrote: I think a better approach would be namespace based - ala something like: httpsession::re ally_important_ stuff;
Then it would be pointless ... if we have to use XXXX<varname>XX XX,
then XXXX might as well be $_SESSION, as httpsession:: ... i'm trying
to come up with a secure version of register_global s... And anything above machine language is all syntactic sugar anyhow ... why is that a problem ? It's not so much about why it's a problem as it is about why it's necessary.
IMO, it's not.
Well - after 7 years of web programming Delphi/IIS, I'm finding PHP
session handling in conjunction with templating a real problem. I agree that there's probably nicer ways to go about it syntactically, but on the level that it's merely saving a few key strokes?
It isn't about saving keystrokes - it is about enabling some
functionality.. .
--
Spam:newsgroup( at)cr*********@ verisign-sux-klj.com
EMail:<01100011 001011100110001 001110101011100 10011010110
110010101000000 011000110111001 001100001011110 10011011100
110000101110010 001011100110001 101101111011011 0100100000> This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Dalan |
last post by:
I have been using a module for printing labels in Access 97, and
although it works fine, I would like to add a small enhancement to it.
The module allows for setting the number of labels to print and/or to
skip; however, the Cancel command button does not function, nor does
clicking the X-close. Clicking either one is the same as clicking the
OK button.
Since the module creates and displays the dialog box, I will need a
piece of code to...
|
by: cody |
last post by:
What about an enhancement of foreach loops which allows a syntax like that:
foeach(int i in 1..10) { } // forward
foeach(int i in 99..2) { } // backwards
foeach(char c in 'a'..'z') { } // chars
foeach(Color c in Red..Blue) { } // using enums
It should work with all integral datatypes. Maybe we can step a bit further:
foeach(int i in 1..10, 30..100) { } // from 1 to 10 and 30 to hundred
|
by: WXS |
last post by:
Sometimes a method in a class requires the use of class instance
variables/fields that will not be used outside of the method itself.
Currently this means you must create a instance field in the class such that
from a maintenance stand point it is disconnected from the method, and also
affords the opportunity for other methods to mess with the variable when they
never should.
For example:
public class MyClass
|
by: WXS |
last post by:
I know this sounds contrary to the idea of an interface, but read this and
see what you think.
-----------------------------------------------------------------------------------------
It would be nice if there was a way for a class to create a special type of
interface, a private one. Private meaning it's not directly exposed at the
class level, you need to be explicitly handed a reference to it by the class.
Often the encapsulation issue...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |