By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,641 Members | 2,110 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,641 IT Pros & Developers. It's quick & easy.

Am I just registering globals here?

P: n/a
I have a bunch of old sites I need to change to account for the new default
value register_globals=Off

The quickest way was to put this in my header file:
foreach ($HTTP_POST_VARS as $header=> $value ){

$$header = $value;

}
Did I just negate the value of the new default value? I'm trying to strike a
balance so that I don't have to go through dozens of pages, finding all the
unitialized variables, and still obtain some of the added security.

All comments are appreciated. Still reading up on this parameter. thanks
Jul 17 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Matthew Crouch:
I have a bunch of old sites I need to change to account for the new
default value register_globals=Off

The quickest way was to put this in my header file:
foreach ($HTTP_POST_VARS as $header=> $value ){

$$header = $value;

}
That's a workaround, an even simpler solution would be:
extract($HTTP_POST_VARS);
extract($HTTP_GET_VARS);
Did I just negate the value of the new default value?
Yes.
I'm trying to strike
a balance so that I don't have to go through dozens of pages, finding all
the unitialized variables, and still obtain some of the added security.


The only danger is the use of uninitialized variables, so the only way you
can fix the security problem is by initializing the variables.

If you always initialize your variables, there is no difference in the level
of security between register globals on and off.

André Nęss

Jul 17 '05 #2

P: n/a
André Nęss wrote:
Matthew Crouch:
I have a bunch of old sites I need to change to account for the new
default value register_globals=Off

The quickest way was to put this in my header file:
foreach ($HTTP_POST_VARS as $header=> $value ){

$$header = $value;

}
That's a workaround, an even simpler solution would be:
extract($HTTP_POST_VARS);
extract($HTTP_GET_VARS);
Did I just negate the value of the new default value?


Yes.
I'm trying to strike
a balance so that I don't have to go through dozens of pages, finding all
the unitialized variables, and still obtain some of the added security.


The only danger is the use of uninitialized variables, so the only way you
can fix the security problem is by initializing the variables.


This may be an interesting read to you as well:
http://www.koivi.com/manual-php-globals/
If you always initialize your variables, there is no difference in the level
of security between register globals on and off.


That's true, if you *never* *trust* *user* *input* you're good to go.

--
Justin Koivisto - sp**@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.

Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.