By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,359 Members | 1,495 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,359 IT Pros & Developers. It's quick & easy.

register_globals ON ? / OFF ?

P: n/a
Whats best :

register_globals ON ?

OR

register_globals OFF ?

I currently use:
$_POST
$_GET
$_REQUEST

Does On or Off make any major difference ?

Thanks
Jul 16 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a

"Nel" <ne***@ne14.co.NOSPAMuk> wrote in message
news:PF*********************@stones.force9.net...
<Frank @ MyPlace.Com (Frank)> wrote in message
news:3f****************@news.btclick.com...
Whats best :

register_globals ON ?

OR

register_globals OFF ?

I currently use:
$_POST
$_GET
$_REQUEST

Does On or Off make any major difference ?

Thanks


If you program with register_globals OFF you only need to make sure you
don't leave any uninitialised variables that can be abused by hackers.

Whether it's on or off you will still need to validate any user input, so I
perfer register_globals OFF, as it saves having to prefix all my variables
with $_POST etc.

If, on the other hand, you are worried that you may forget to initialise
your variables, then go for register_globals ON.

Nel

or vice versa ? I think you mean on when you said off, off when you said on.

Jul 16 '05 #2

P: n/a
Nel wrote:

Whether it's on or off you will still need to validate any user input, so
I perfer register_globals OFF, as it saves having to prefix all my
variables with $_POST etc.

If, on the other hand, you are worried that you may forget to initialise
your variables, then go for register_globals ON.


You mean the other way around here (on -> off, off -> on), but you shoudl
really use $_POST/GET/REQUEST (REQUEST is my preference) anyway, as your
projects increase in size you will quickly end up in a situation where it's
not clear wether a variable, $foononny you are using (and wrote 2 months
ago) is from a get/post or a locally generated (global) variable - using
$_GET/POST/REQUEST makes it perfectly clear.

--
James Sleeman
Gogo:Code, http://www.gogo.co.nz/
PHP & Coldfusion Programming Services
Email domain : gogo.co.nz see user in from header!
Jul 16 '05 #3

P: n/a
James Sleeman wrote:
Nel wrote:

Whether it's on or off you will still need to validate any user
input, so I perfer register_globals OFF, as it saves having to
prefix all my variables with $_POST etc.

If, on the other hand, you are worried that you may forget to
initialise your variables, then go for register_globals ON.


You mean the other way around here (on -> off, off -> on), but you
shoudl really use $_POST/GET/REQUEST (REQUEST is my preference)
anyway, as your projects increase in size you will quickly end up in
a situation where it's not clear wether a variable, $foononny you are
using (and wrote 2 months ago) is from a get/post or a locally
generated (global) variable - using $_GET/POST/REQUEST makes it
perfectly clear.


Why would you use $_REQUEST if you had control over the form generating the
request? Using $_REQUEST means that there are twice the number of checks for
PHP to do when parsing the data (it has to see whether the key exists in the
post data and in the get data) and it makes it easier for people to screw
around with input...
Jul 16 '05 #4

P: n/a
Nel
Whoops! The sinility must really be kicking in! ;-)
Thanks. Nel
"James Sleeman" <ja***@seeMessageForDomain.moc> wrote in message
news:Yz*******************@news02.tsnz.net...
Nel wrote:

Whether it's on or off you will still need to validate any user input, so I perfer register_globals OFF, as it saves having to prefix all my
variables with $_POST etc.

If, on the other hand, you are worried that you may forget to initialise
your variables, then go for register_globals ON.
You mean the other way around here (on -> off, off -> on), but you shoudl
really use $_POST/GET/REQUEST (REQUEST is my preference) anyway, as your
projects increase in size you will quickly end up in a situation where

it's not clear wether a variable, $foononny you are using (and wrote 2 months
ago) is from a get/post or a locally generated (global) variable - using
$_GET/POST/REQUEST makes it perfectly clear.

--
James Sleeman
Gogo:Code, http://www.gogo.co.nz/
PHP & Coldfusion Programming Services
Email domain : gogo.co.nz see user in from header!

Jul 16 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.