473,320 Members | 1,870 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Finding errors due to register globals?

I don't suppose anyone knows of a script/program to try and identify
where variables are used assuming register_globals is on? I'm trying to
fix an application and would rather not turn it on as there are several
applications on the server.

I'm thinking of something which can identify use of variables (right
hand side of assignments) before definition (left hand side of assignments).

Any pointers?
Jul 17 '05 #1
4 1844
Kevin Thorpe wrote:
I don't suppose anyone knows of a script/program to try and identify
where variables are used assuming register_globals is on? I'm trying to
fix an application and would rather not turn it on as there are several
applications on the server.

I'm thinking of something which can identify use of variables (right
hand side of assignments) before definition (left hand side of assignments).

Any pointers?


http://www.php.net/error_reporting

--
USENET would be a better place if everybody read: | to email me: use |
http://www.catb.org/~esr/faqs/smart-questions.html | my name in "To:" |
http://www.netmeister.org/news/learn2quote2.html | header, textonly |
http://www.expita.com/nomime.html | no attachments. |
Jul 17 '05 #2
Pedro Graca wrote:
Kevin Thorpe wrote:
I don't suppose anyone knows of a script/program to try and identify
where variables are used assuming register_globals is on? I'm trying to
fix an application and would rather not turn it on as there are several
applications on the server.

I'm thinking of something which can identify use of variables (right
hand side of assignments) before definition (left hand side of assignments).

Any pointers?

http://www.php.net/error_reporting

Unfortunately that's only at runtime. I don't rely on default values for
variables and have turned on all the error checking but I still need to
read every line of code or perform a comprehensive test to execute every
line.

I was hoping someone had a script to assist. If php was compiled then
these errors would be caught at compile time.
Jul 17 '05 #3
Kevin Thorpe wrote:
Pedro Graca wrote:
Kevin Thorpe wrote:
Any pointers?


http://www.php.net/error_reporting


Unfortunately that's only at runtime. ...


There's no saying where a uninitialized variable can be used ...
It can be on the right side of an assignment; as a parameter to a
function call; on the left side of a test; ...

Good luck in finding a script that finds them all :)

You might want to try installing the scripts in a test directory and set
auto_prepend_file in that directory to a script that sets error_handler
to a function that logs all notices to a file (or database, or ...).

Make a few test runs, examine the log, and (manually) correct the
errors.
Skeleton auto_prepend_file

<?php
function Notice_Handler($n, $d, $f, $l) {
if ($n == 8) {
// log $d, $f, and $l somewhere
}
}

set_error_handler('Notice_Handler');
?>

--
USENET would be a better place if everybody read: | to email me: use |
http://www.catb.org/~esr/faqs/smart-questions.html | my name in "To:" |
http://www.netmeister.org/news/learn2quote2.html | header, textonly |
http://www.expita.com/nomime.html | no attachments. |
Jul 17 '05 #4
> There's no saying where a uninitialized variable can be used ...
It can be on the right side of an assignment; as a parameter to a
function call; on the left side of a test; ...

Good luck in finding a script that finds them all :)
I know. Looking into it requires writing a full parser. I can do that
but is it really worth my time? php syntax is pretty complex with
embedded variables and such so it's a lot of work. Maybe I should do it
and make it GPL, but I'm not sure I have the time.
You might want to try installing the scripts in a test directory and set
auto_prepend_file in that directory to a script that sets error_handler
to a function that logs all notices to a file (or database, or ...).


That still requires a test script (or me) to exercise all the code. Lots
of work for a one-off intranet app.

People keep hitting this problem, it's a FAQ. I was just wishfully
thinking that it had been addressed. Are there any zend people listening?
Jul 17 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Nel | last post by:
I have a question related to the "security" issues posed by Globals ON. It is good programming technique IMO to initialise variables, even if it's just $foo = 0; $bar = ""; Surely it would...
7
by: Paul Liversidge | last post by:
I'd like your opinions as to why I don't use something like this... A function that iterates through $_GET, $_POST, $_COOKIES and $_SESSION arrays and turn them back into conventional variables....
1
by: Manu J | last post by:
Hi, i have a login script which makes use of sessions. Login script *********** session_start() ..... ..... ....
3
by: Jeremy Shovan | last post by:
Does any one know if there is a way to check if register globals is on or off in a program. Thanks, Jeremy
3
by: Jason | last post by:
hello, i am new to PHP, so go easy. I am using the examples in the book: PHP: Your Visual Blueprint For Creating Open Source, Server Side Content In the section where they talk about...
12
by: kevin bailey | last post by:
this old script was written when register globals was 'on'. now i need to convert it to run on a server with a php 4.3.6 - do i just convert the relevant variables from $posted_variable to...
1
by: yawnmoth | last post by:
even though register globals is disabled by default, i'm currious as to how it and magic quotes interact. consider the following code: <? // assuming $_GET='"test"' and register globals enabled...
21
by: André | last post by:
Short version of what I am looking for: Given a class "public_class" which is instantiated a few times e.g. a = public_class() b = public_class() c = public_class() I would like to find...
2
by: Kavitha Rao | last post by:
Hi, I am getting the following errors while trying to run this snippet in Microsoft Visual C++.Can't seem to print the crc value stored. /* +++Date last modified: 05-Jul-1997 */ /* Crc - 32...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.