472,805 Members | 820 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > register globals !

Join Bytes to post your question to a community of 472,805 software developers and data experts.

Register Globals !

Nel
I have a question related to the "security" issues posed by Globals ON.

It is good programming technique IMO to initialise variables, even if it's
just
$foo = 0;
$bar = "";

Surely it would be better to promote better programming than rely on PHP to
compensate for lazy programming?

Of does turning RG off have some other benefit of which I am not aware?

Nel
--
DISCLAIMER: There is an extremely small but nonzero chance that,
through a process known as "Tunnelling", this e-mail may spontaneously
disappear from its present location and reappear at any random place in the
Universe, including your neighbour's domicile. The sender will not be
responsible for any damages or inconvenience that may result.
Jul 16 '05 #1
1 4208
Nel wrote:
I have a question related to the "security" issues posed by Globals ON.

It is good programming technique IMO to initialise variables, even if it's
just
$foo = 0;
$bar = "";

Surely it would be better to promote better programming than rely on PHP to
compensate for lazy programming?
yes, that's right.
If you program strict and in a good style register globals won't harm
you. But what if you once forget to initialize a variable? Register
Globals is not a real security hole, but some programmer may forget an
initialization (for instance when many programmer work on that project).

Of does turning RG off have some other benefit of which I am not aware?


yes: global variables are bad.
why would one use them? because it is easy to work with global variables.

If register globals is Off you are more likely to use less global variables.

for instance:
you use in a script (not in a function, in global namespace) a variable
called $site, and some months later an other programmer invent a new
feature to display a table over more than one site -> he invents a GET
param called $site to know which site actually is displayed -> you
overwrite with your $site his GET $site and now you're in trouble.

because PHP doesn't provide namespaces it is important to seperate the
different 'namespaces'. $_GET has nothing to do with the global
namespace (of course it has, but it's kind of child of $GLOBALS - so
this is how you should use it)

Jul 16 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
Why not write a routine to bypass register globals off?
by: Paul Liversidge | last post by:
I'd like your opinions as to why I don't use something like this... A function that iterates through $_GET, $_POST, $_COOKIES and $_SESSION arrays and turn them back into conventional variables....
PHP
1
Session problems with register globals enabled
by: Manu J | last post by:
Hi, i have a login script which makes use of sessions. Login script *********** session_start() ..... ..... ....
PHP
3
check for register globals
by: Jeremy Shovan | last post by:
Does any one know if there is a way to check if register globals is on or off in a program. Thanks, Jeremy
PHP
5
array_multisort on $GLOBALS array
by: Frostillicus | last post by:
I'm trying to use array_multisort to sort by one of the dimensions of an array stored in $GLOBALS like this: array_multisort($GLOBALS, SORT_STRING, SORT_DESC); Each "row" in $GLOBALS contains...
PHP
12
changing old script - register globals - how to convert?
by: kevin bailey | last post by:
this old script was written when register globals was 'on'. now i need to convert it to run on a server with a php 4.3.6 - do i just convert the relevant variables from $posted_variable to...
PHP
1
Register SuperGlobal
by: pkp | last post by:
Does anyone know a way I can register my own superglobal? Meaning, I would like to make my own variable such as $_SESSION which is available in all scopes and contexts without having to declare...
PHP
1
magic quotes and register globals
by: yawnmoth | last post by:
even though register globals is disabled by default, i'm currious as to how it and magic quotes interact. consider the following code: <? // assuming $_GET='"test"' and register globals enabled...
PHP
4
Turn off Register Globals gives me a headache
by: Angelos Devletoglou | last post by:
Hi... It drives me nuts this server. My php.ini says that register_globals is OFF and when I run phpinfo() it says they are ON. I restarted both httpd and the whole server still nothing. IS...
PHP
2
Tip about register globals set to "on"
by: sheldonlg | last post by:
I did some coding on a site where register_globals is set to on. The problem I encountered was that the session variable changed without my changing it explicitly. I knew that in register globals...
PHP
2
isladogs
Access Europe meeting on Wed 2 August - An Access Developer Guide to creating applications in Blazor
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 2 August 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
Microsoft Access / VBA
0
linyimin
Speedup your spring application
by: linyimin | last post by:
Spring Startup Analyzer generates an interactive Spring application startup report that lets you understand what contributes to the application startup time and helps to optimize it. Support for...
General
0
Steps manually installing IntelliJ IDEA.
by: erikbower65 | last post by:
Here's a concise step-by-step guide for manually installing IntelliJ IDEA: 1. Download: Visit the official JetBrains website and download the IntelliJ IDEA Community or Ultimate edition based on...
General
2
isladogs
Access Europe meeting on Wed 6 Sept - Database Analyzer and other tools
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Sept 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
Microsoft Access / VBA
0
How to insert a new record in a database
by: Taofi | last post by:
I try to insert a new record but the error message says the number of query names and destination fields are not the same This are my field names ID, Budgeted, Actual, Status and Differences ...
DB2 Database
14
DJRhino1175
Cancel Print Action if Sub form has No Records
by: DJRhino1175 | last post by:
When I run this code I get an error, its Run-time error# 424 Object required...This is my first attempt at doing something like this. I test the entire code and it worked until I added this - If...
Microsoft Access / VBA
0
Python code for finding the longest common subsequence
by: Rina0 | last post by:
I am looking for a Python code to find the longest common subsequence of two strings. I found this blog post that describes the length of longest common subsequence problem and provides a solution in...
Python
5
To verify entry of a dropdown
by: DJRhino | last post by:
Private Sub CboDrawingID_BeforeUpdate(Cancel As Integer) If = 310029923 Or 310030138 Or 310030152 Or 310030346 Or 310030348 Or _ 310030356 Or 310030359 Or 310030362 Or...
Microsoft Access / VBA
2
Windows 11 and Access Combo Box Issue
by: DJRhino | last post by:
Was curious if anyone else was having this same issue or not.... I was just Up/Down graded to windows 11 and now my access combo boxes are not acting right. With win 10 I could start typing...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!