By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
458,127 Members | 1,336 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 458,127 IT Pros & Developers. It's quick & easy.

FOLLOW-UP: [Idea for PHP Enhancement: register_globals_manual]

P: n/a
On 10/06/2003 11:50 AM CST, the OP, 127.0.0.1, wrote:
httpget $user_id;
httppost $credit_card;
session $really_important_stuff;

Each of these declaration lines would effectively enable
register_globals for one specific variable in one particular method
(GET, POST or session).

Creative suggestions, comments would be welcome.
Justin Koivisto wrote: The proposal in the form of functions:

<?php
// usage example
global_session('var1');

function global_get($var){
if(!array_key_exists($var,$_GET))
$_GET[$var]='';
$GLOBALS[$var]=&$_GET[$var];
}

function global_post($var){
if(!array_key_exists($var,$_POST))
$_POST[$var]='';
$GLOBALS[$var]=&$_POST[$var];
}

function global_session($var){
if(!array_key_exists($var,$_SESSION))
$_SESSION[$var]='';
$GLOBALS[$var]=&$_SESSION[$var];
}

function global_cookie($var){
if(!array_key_exists($var,$_COOKIE))
$_COOKIE[$var]='';
$GLOBALS[$var]=&$_COOKIE[$var];
}

function global_server($var){
if(!array_key_exists($var,$_SERVER))
$_SERVER[$var]='';
$GLOBALS[$var]=&$_SERVER[$var];
}

function global_files($var){
if(!array_key_exists($var,$_FILES))
$_FILES[$var]='';
$GLOBALS[$var]=&$_FILES[$var];
}

function global_env($var){
if(!array_key_exists($var,$_ENV))
$_ENV[$var]='';
$GLOBALS[$var]=&$_ENV[$var];
}

function global_request($var){
if(!array_key_exists($var,$_REQUEST))
$_REQUEST[$var]='';
$GLOBALS[$var]=&$_REQUEST[$var];
}
?>
The proposal makes it explicit which variables you expect to use from
the _GET array, so an unexpected variable won't get extracted and
overwrite the session variable you intended to use. You get nearly
the convenience of register_globals=on with none of the security
risk.


I broadened the scope of the proposal in the process. These functions
now support all of the super globals (except$ GLOBALS)in PHP. I also
changed the names to be prefixed by global_ and then the lowercase
name of the superglobal array to play with.

Also, I thought about the case where the key didn't exist in the
superglobal. If this is the case, the key is created and then
referenced. This would likely be handy for _SESSION more than
anything.


Just wanted to follow-up on this one. Did this actually satisfy the
proposal set forth by the OP? I haven't noticed any posts to the thread
since I submitted this.

Ideas/comments/suggestions welcome on this as well.

--
Justin Koivisto - sp**@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.

Jul 17 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Justin Koivisto wrote:

Just wanted to follow-up on this one. Did this actually satisfy the
proposal set forth by the OP? I haven't noticed any posts to the
thread since I submitted this.


THe following are the basic original requirements:
1. Be reasonably safe from abuse (unlike register_global etc)
2. Allow a real PHP variable (e.g. $XYZ) to be intimately associated
with a SESSION, COOKIE, GET, POST etc varible - from instant of
declaration through to explicit or implicit script execution end.
3. Optionally $XYZ may use a prefix to the variable name (e.g.
$Session_XYZ) the entire variable name must be a valid identifier (i.e.
$Session['XYZ'] is not allowable).

THat is about it.

Just from looking at the above code - looks OK, however have not tested
it.

--
Spam:newsgroup(at)cr*********@verisign-sux-klj.com
EMail:<0110001100101110011000100111010101110010011 010110
11001010100000001100011011100100110000101111010011 011100
11000010111001000101110011000110110111101101101001 00000>
Jul 17 '05 #2

P: n/a
127.0.0.1 wrote:
Justin Koivisto wrote:

Just wanted to follow-up on this one. Did this actually satisfy the
proposal set forth by the OP? I haven't noticed any posts to the
thread since I submitted this.

THe following are the basic original requirements:
1. Be reasonably safe from abuse (unlike register_global etc)
2. Allow a real PHP variable (e.g. $XYZ) to be intimately associated
with a SESSION, COOKIE, GET, POST etc varible - from instant of
declaration through to explicit or implicit script execution end.
3. Optionally $XYZ may use a prefix to the variable name (e.g.
$Session_XYZ) the entire variable name must be a valid identifier (i.e.
$Session['XYZ'] is not allowable).

Just from looking at the above code - looks OK, however have not tested
it.


I think to satisfy item #3, you'd have to modify the functions as so:

<?php
function global_get($var){
if(!array_key_exists($var,$_GET))
$_GET[$var]='';
$GLOBALS[$var]=&$_GET[$var];
$GLOBALS['GET_'.$var]=&$GLOBALS[$var];
}

function global_post($var){
if(!array_key_exists($var,$_POST))
$_POST[$var]='';
$GLOBALS[$var]=&$_POST[$var];
$GLOBALS['POST_'.$var]=&$GLOBALS[$var];
}

function global_session($var){
if(!array_key_exists($var,$_SESSION))
$_SESSION[$var]='';
$GLOBALS[$var]=&$_SESSION[$var];
$GLOBALS['SESSION_'.$var]=&$GLOBALS[$var];
}

function global_cookie($var){
if(!array_key_exists($var,$_COOKIE))
$_COOKIE[$var]='';
$GLOBALS[$var]=&$_COOKIE[$var];
$GLOBALS['COOKIE_'.$var]=&$GLOBALS[$var];
}

function global_server($var){
if(!array_key_exists($var,$_SERVER))
$_SERVER[$var]='';
$GLOBALS[$var]=&$_SERVER[$var];
$GLOBALS['SERVER_'.$var]=&$GLOBALS[$var];
}

function global_files($var){
if(!array_key_exists($var,$_FILES))
$_FILES[$var]='';
$GLOBALS[$var]=&$_FILES[$var];
$GLOBALS['FILES_'.$var]=&$GLOBALS[$var];
}

function global_env($var){
if(!array_key_exists($var,$_ENV))
$_ENV[$var]='';
$GLOBALS[$var]=&$_ENV[$var];
$GLOBALS['ENV_'.$var]=&$GLOBALS[$var];
}

function global_request($var){
if(!array_key_exists($var,$_REQUEST))
$_REQUEST[$var]='';
$GLOBALS[$var]=&$_REQUEST[$var];
$GLOBALS['REQUEST_'.$var]=&$GLOBALS[$var];
}
?>

This should then allow using all of these to access the same value in
memory:

<?php
global_session('var1');
$var1='test';
echo $var1,'<br>';
echo $SESSION_var1,'<br>';
echo $GLOBALS['var1'],'<br>';
echo $GLOBALS['SESSION_var1'],'<br>';
echo $_SESSION['var1'],'<br>';
?>

In turn, setting any one of them should change all the values because it
is all referenced, meaning it's all just one memory location. This all
works for my setup with php 4.3.3.

--
Justin Koivisto - sp**@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.

Jul 17 '05 #3

P: n/a
Justin Koivisto wrote:
Justin Koivisto wrote:
> > Just wanted to follow-up on this one. Did this actually
> > satisfy the
proposal set forth by the OP? I haven't noticed any posts to the
thread since I submitted this.
> THe following are the basic original requirements:

1. Be reasonably safe from abuse (unlike register_global etc)
2. Allow a real PHP variable (e.g. $XYZ) to be intimately associated
with a SESSION, COOKIE, GET, POST etc varible - from instant of
declaration through to explicit or implicit script execution end.
3. Optionally $XYZ may use a prefix to the variable name (e.g.
$Session_XYZ) the entire variable name must be a valid identifier
(i.e. $Session['XYZ'] is not allowable).
Just from looking at the above code - looks OK, however have not
tested

it.


I think to satisfy item #3, you'd have to modify the functions as so:


Sorry, #3 isn't saying that the solution has to have that
functionality, just that if there NEEDS to be some modification in the
variable name, that it consist of only standard identifier allowable
characters.

Given the solution posted allows $XXX to be created, then 3. is
satisfied.

--
Spam:newsgroup(at)cr*********@verisign-sux-klj.com
EMail:<0110001100101110011000100111010101110010011 010110
11001010100000001100011011100100110000101111010011 011100
11000010111001000101110011000110110111101101101001 00000>
Jul 17 '05 #4

P: n/a
127.0.0.1 wrote:
Justin Koivisto wrote:

Justin Koivisto wrote:

>>Just wanted to follow-up on this one. Did this actually
>>satisfy the

proposal set forth by the OP? I haven't noticed any posts to the
thread since I submitted this.

>THe following are the basic original requirements:

1. Be reasonably safe from abuse (unlike register_global etc)
2. Allow a real PHP variable (e.g. $XYZ) to be intimately associated
with a SESSION, COOKIE, GET, POST etc varible - from instant of
declaration through to explicit or implicit script execution end.
3. Optionally $XYZ may use a prefix to the variable name (e.g.
$Session_XYZ) the entire variable name must be a valid identifier
(i.e. $Session['XYZ'] is not allowable).

Just from looking at the above code - looks OK, however have not
tested

it.


I think to satisfy item #3, you'd have to modify the functions as so:

Sorry, #3 isn't saying that the solution has to have that
functionality, just that if there NEEDS to be some modification in the
variable name, that it consist of only standard identifier allowable
characters.

Given the solution posted allows $XXX to be created, then 3. is
satisfied.


Thanks for the feedback. I have posted an article on this now.
http://www.koivi.com/manual-php-globals/

--
Justin Koivisto - sp**@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.

Jul 17 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.