
Variables_Order Setting

According to an O'Reilly PHP book I have, setting variables_order to "ES" is
safer, but that one will need to create global variables, not rely on them
being created.

Fair enough. But why does setting variables_order to ES cause the following
to break, even though it is what O'Reilly recommends? The "id" variable is
unpopulated. I have PHP 4.3.4 on Linux.


$id = clean($_GET['id'],5);
$result = mysql_query("SELECT * FROM my_table where id = $id",$db);
$myrow = mysql_fetch_array($result);
Jul 17 '05 #1
3 Replies


> $id = clean($_GET['id'],5);
> $result = mysql_query("SELECT * FROM my_table where id = $id",$db);
> $myrow = mysql_fetch_array($result);


This is what "clean" does, in case that is relevant.

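function clean($input, $maxlength)
{
    // Truncate to at most $maxlength characters.
    $input = substr($input, 0, $maxlength);
    // escapeshellcmd() escapes shell metacharacters; it does not quote values for SQL.
    $input = escapeshellcmd($input);
    return $input;
}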
Jul 17 '05 #2

On Tue, 21 Dec 2004 15:29:38 -0500, "Buck Turgidson" <jc***@hotmail.com> wrote:
> According to an O'Reilly PHP book I have, setting variables_order to "ES" is
> safer, but that one will need to create global variables, not rely on them
> being created.
>
> Fair enough. But why does setting variables_order to ES cause the following
> to break, even though it is what O'Reilly recommends? The "id" variable is
> unpopulated. I have PHP 4.3.4 on Linux.
>
> $id = clean($_GET['id'],5);
> $result = mysql_query("SELECT * FROM my_table where id = $id",$db);
> $myrow = mysql_fetch_array($result);


variables_order has no relation at all with the previous code. It only affects
the deprecated register_globals method of form input, or the $_REQUEST
superglobal.

--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
Jul 17 '05 #3

If $id is unpopulated, your query will be:
SELECT * FROM my_table where id =
which is invalid.
"Buck Turgidson" <jc***@hotmail.com> wrote in message
news:im************@turf.turgidson.com...
> According to an O'Reilly PHP book I have, setting variables_order to "ES" is
> safer, but that one will need to create global variables, not rely on them
> being created.
>
> Fair enough. But why does setting variables_order to ES cause the following
> to break, even though it is what O'Reilly recommends? The "id" variable is
> unpopulated. I have PHP 4.3.4 on Linux.
>
> $id = clean($_GET['id'],5);
> $result = mysql_query("SELECT * FROM my_table where id = $id",$db);
> $myrow = mysql_fetch_array($result);

Jul 17 '05 #4
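
The failure described in reply #4 (an empty $id producing invalid SQL), guarded against in an added example that is not part of the original thread. It assumes a current PHP with PDO and the SQLite driver instead of the thread's PHP 4 mysql_* functions; read_id, fetch_row_by_id and the table contents are hypothetical names and constructed data.

```php
<?php
// Added example, not the poster's code. Helper names are hypothetical.

// Return the id from $source as an integer, or null when it is absent or invalid.
function read_id(array $source, int $maxDigits = 5): ?int
{
    if (!isset($source['id']) || !is_string($source['id'])) {
        return null; // key absent, e.g. the superglobal was never populated
    }
    $raw = $source['id'];
    if ($raw === '' || strlen($raw) > $maxDigits || !ctype_digit($raw)) {
        return null; // only 1..$maxDigits decimal digits are accepted
    }
    return (int) $raw;
}

// Look up one row with a bound parameter; never runs a query without an id.
function fetch_row_by_id(PDO $db, ?int $id): ?array
{
    if ($id === null) {
        return null; // avoids sending "... where id = " with nothing after it
    }
    $stmt = $db->prepare('SELECT * FROM my_table WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The PHP manual documents that variables_order selects which of the
// E, G, P, C, S superglobals are created; log when "G" is missing.
if (strpos((string) ini_get('variables_order'), 'G') === false) {
    error_log('variables_order has no "G": $_GET will not be populated');
}

// Constructed in-memory table standing in for my_table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE my_table (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO my_table VALUES (42, 'example row')");

// Constructed inputs standing in for $_GET: valid, missing, non-numeric, too long.
foreach ([['id' => '42'], [], ['id' => '12abc'], ['id' => '123456']] as $input) {
    $row = fetch_row_by_id($db, read_id($input));
    echo json_encode($input), ' => ',
        $row === null ? 'rejected or not found' : $row['name'], PHP_EOL;
}
```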
