On or Off

trooper

Do you write your code with register_globals on or off?

planetsim

You should always have it off. Most Web Hosts now provide PHP with Register Globals OFF. Its also a better way of coding practice, and good in the development stage.

mahers

Off definately. From what I've read all code should be written as if register_globals were off.

PyroX

I feel with proper validation globals can be left on. Just becasue several people made poor decisions about not validating input, we are all made to think that globals are the devil. One of the things I loved about php was that I could write script that could accept input from post/get/url/session/cookies and not have to code specifics for each. If your code is running a system call, and you do not validate the input, it is your fault. Now every single script written prior to this register globals off age must be re-written to allow people who should not be coding to have som simple security.

Just my 2 cents.

Weedpacket

All very fine if you've got full control over your server and its initialisation settings; but code written with the assumption that register_globals is off will run whether it is or not; a good thing if it's not something you can decide.

There's also a slight performance hit (though it's probably too small to worry about) having register_globals on, since it effectively inserts the lines
extract($GET);
extract($POST);
extract($_COOKIE);
etc...
at the top of every script (depending on the order specified in php.ini).

NoFear

I prefer to have register globals on, but that's because I'm hosting myself, and I am making sure that input is being validated. It makes coding that much easier without having to worry about the little things... which is what php is best known for.

NoFear

woOhoO!!!! The last one was my senior member post!

Weedpacket

One of the things I like (apart from the fact that $FILES[] and $SESSION[] are just plain easier to use) about $GET[], $POST[] etc., is that they provide a ready-made isolation ward for tainted data; I can inspect them thoroughly before I let them loose into my regular namespace. I can furthermore do this in generic library functions that don't need to know in advance what variables they're going to have to examine (by looping over the arrays they can determine what sort of request is being made - since sometimes the same script might have half a dozen different form requests (possibly concatenated) to process depending on context). Part of the idea is to make the data smart and structured in a form appropriate to the task, and then the code can get away with being straightforward and dumb (and fast). Using a flat pile of primitive variables and having to go through all sorts of contortions to get anything useful out of them is nowhere near as robust.

But of course, the question is one of coding for register_globals=on or =off, not whether or not $_GET['foo'] provides more semantics than $foo. I code for it being off; partly paranoia, partly the above convenience it provides, partly because register_globals is potentially going to be disabled permanently in the fairly near future and I'm too lazy to contemplate grovelling over scripts trying to figure out which variables came from where. And it saves on documentation.

phpray

why do ppl say it is better coding practice?
does it chew memory resources?

having globals on makes life so much easier when you code. i have a global for every occasion possible.

trooper

Woah !!! What have i started here

I personally prefer to have register_globals off. For much the same reason as weedpacket.

I just wanted to see what people prefer. I must admit that when i started php'ing (3 years ago) i used to leave them on because it was easier to do so.

But now i wouldn't have it any other way than off.

thats my two penneth work 😃

stolzyboy

uhrah to register_globals off, you may as well get used to it, since php will most likely weed it out, no pun intended weedpacket, and then you are certain it will work on any version of php, and whether or not it is on or off. Assuming it is on is horribly wrong, remember, "Assumpions are the mother of all f$*k-ups!!"

abnfire

if you were creating a application then you dont want to guess weather global is on or off, you want to make sure that your application would work in both condition, not just one condition with Globals on.