470,815 Members | 1,094 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 470,815 developers. It's quick & easy.

accessing $_GET implicitly

OK, here's the start of the index file I'm working on and its used for every page like so
index.php?action=register
index.php?action=logout
etc.
<?php

define ('IN_SITE', 1 );
define ('LOGGED_IN', FALSE );
$userinfo = '';

include('config.php');

$link = @mysql_connect ($DB_HOST, $DB_USER, $DB_PASS) or die ('SQL Connection troubles');
mysql_select_db ($DB_DB);

include($_SERVER['DOCUMENT_ROOT'] . "/functions.php");
if ($action != "do_login")
{
$user = $_COOKIE['user'];
$pass = $_COOKIE['pass'];
if (verifyuser('', $pass,$user) == TRUE)
Nowhere in config or functions is $action defined, so how can this work?
It works on CPanel but not in PLESK. In PLESK I added the line $action = $_GET['action'];
I thought it already had it, that got it working in PLESK aswell but some screens still don't show
so I took it out again.

Herc

Oct 19 '05 #1
2 2810
"|-|erc" <h@r.c> wrote in message
news:43***********************@authen.white.readfr eenews.net...
OK, here's the start of the index file I'm working on and its used for
every page like so
index.php?action=register
index.php?action=logout
etc.
if ($action != "do_login")
{
$user = $_COOKIE['user'];
$pass = $_COOKIE['pass'];
if (verifyuser('', $pass,$user) == TRUE)
Nowhere in config or functions is $action defined, so how can this work?


There is a PHP configuration directive (i.e. something you put in the config
file) "register_globals" which allows any or all entities from forms (GET
and POST), cookies, server internals and the local environment to appear to
scripts just as if they're day-to-day script variables. As of PHP 4.2.0 this
defaults to "off", though clearly you can turn it on if you so desire.

I don't personally like implicit variable definitions like this, because
variables can trample over one another and cause confusion (or even security
problems) when what you thought was a local variable turns out to be a field
from a form, or vice versa. The developers of PHP clearly don't like it
either, as they've taken the conscious decision to turn it off.

For a developer, a nicer way to go is the import_request_variables()
function, which you can drop into your scripts to register form variables
yourself. import_request_variables() allows you to prefix the variable names
with a text string to allow you to distinguish them from other variables -
so, for instance, everything I write has a import_request_variables() call
that makes all my form variables appear as $form_blah, thus guaranteeing I'm
not going to trample over local stuff by mistake.

HTH,

David C
Oct 19 '05 #2
"David Cartwright" <ds**********@hotmail.com> wrote in ...
: "|-|erc" <h@r.c> wrote in message
: > OK, here's the start of the index file I'm working on and its used for
: > every page like so
: > index.php?action=register
: > index.php?action=logout
: > etc.
: > if ($action != "do_login")
: > {
: > $user = $_COOKIE['user'];
: > $pass = $_COOKIE['pass'];
: > if (verifyuser('', $pass,$user) == TRUE)
: > Nowhere in config or functions is $action defined, so how can this work?
:
: There is a PHP configuration directive (i.e. something you put in the config
: file) "register_globals" which allows any or all entities from forms (GET
: and POST), cookies, server internals and the local environment to appear to
: scripts just as if they're day-to-day script variables. As of PHP 4.2.0 this
: defaults to "off", though clearly you can turn it on if you so desire.
:
: I don't personally like implicit variable definitions like this, because
: variables can trample over one another and cause confusion (or even security
: problems) when what you thought was a local variable turns out to be a field
: from a form, or vice versa. The developers of PHP clearly don't like it
: either, as they've taken the conscious decision to turn it off.
:
: For a developer, a nicer way to go is the import_request_variables()
: function, which you can drop into your scripts to register form variables
: yourself. import_request_variables() allows you to prefix the variable names
: with a text string to allow you to distinguish them from other variables -
: so, for instance, everything I write has a import_request_variables() call
: that makes all my form variables appear as $form_blah, thus guaranteeing I'm
: not going to trample over local stuff by mistake.
:

great thanks, I just used import_request_variables("gpc"); and all the pages work now.
GET and POST are so simple to use anyway so I'll stick with them atleast for my own code.

Herc

Oct 19 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by James | last post: by
32 posts views Thread by Nuno Paquete | last post: by
17 posts views Thread by Andrae Muys | last post: by
6 posts views Thread by Rainman | last post: by
1 post views Thread by Greg Scharlemann | last post: by
3 posts views Thread by Michaelp | last post: by
5 posts views Thread by Aaron Gray | last post: by
reply views Thread by mihailmihai484 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.