accessing $_GET implicitly

"|-|erc" <h@r.c> wrote in message
news:43***********************@authen.white.readfr eenews.net...

OK, here's the start of the index file I'm working on and its used for
every page like so
index.php?action=register
index.php?action=logout
etc.
if ($action != "do_login")
{
$user = $_COOKIE['user'];
$pass = $_COOKIE['pass'];
if (verifyuser('', $pass,$user) == TRUE)
Nowhere in config or functions is $action defined, so how can this work?

There is a PHP configuration directive (i.e. something you put in the config
file) "register_globals" which allows any or all entities from forms (GET
and POST), cookies, server internals and the local environment to appear to
scripts just as if they're day-to-day script variables. As of PHP 4.2.0 this
defaults to "off", though clearly you can turn it on if you so desire.

I don't personally like implicit variable definitions like this, because
variables can trample over one another and cause confusion (or even security
problems) when what you thought was a local variable turns out to be a field
from a form, or vice versa. The developers of PHP clearly don't like it
either, as they've taken the conscious decision to turn it off.

For a developer, a nicer way to go is the import_request_variables()
function, which you can drop into your scripts to register form variables
yourself. import_request_variables() allows you to prefix the variable names
with a text string to allow you to distinguish them from other variables -
so, for instance, everything I write has a import_request_variables() call
that makes all my form variables appear as $form_blah, thus guaranteeing I'm
not going to trample over local stuff by mistake.

HTH,

David C

"David Cartwright" <ds**********@hotmail.com> wrote in ...
: "|-|erc" <h@r.c> wrote in message
: > OK, here's the start of the index file I'm working on and its used for
: > every page like so
: > index.php?action=register
: > index.php?action=logout
: > etc.
: > if ($action != "do_login")
: > {
: > $user = $_COOKIE['user'];
: > $pass = $_COOKIE['pass'];
: > if (verifyuser('', $pass,$user) == TRUE)
: > Nowhere in config or functions is $action defined, so how can this work?
:
: There is a PHP configuration directive (i.e. something you put in the config
: file) "register_globals" which allows any or all entities from forms (GET
: and POST), cookies, server internals and the local environment to appear to
: scripts just as if they're day-to-day script variables. As of PHP 4.2.0 this
: defaults to "off", though clearly you can turn it on if you so desire.
:
: I don't personally like implicit variable definitions like this, because
: variables can trample over one another and cause confusion (or even security
: problems) when what you thought was a local variable turns out to be a field
: from a form, or vice versa. The developers of PHP clearly don't like it
: either, as they've taken the conscious decision to turn it off.
:
: For a developer, a nicer way to go is the import_request_variables()
: function, which you can drop into your scripts to register form variables
: yourself. import_request_variables() allows you to prefix the variable names
: with a text string to allow you to distinguish them from other variables -
: so, for instance, everything I write has a import_request_variables() call
: that makes all my form variables appear as $form_blah, thus guaranteeing I'm
: not going to trample over local stuff by mistake.
:

great thanks, I just used import_request_variables("gpc"); and all the pages work now.
GET and POST are so simple to use anyway so I'll stick with them atleast for my own code.

Herc