security issue

doublehops

I am wondering if anyone can tell me if the following code to retrieve values is as dangerous as having global variables on as it pretty much has the same result.

if (isset($HTTP_POST_VARS)) {
foreach ($HTTP_POST_VARS as $k => $v) {
${$k} = $v;
}}

if (isset($HTTP_GET_VARS)) {
foreach ($HTTP_GET_VARS as $k => $v) {
${$k} = $v;
}}

Thanks,
Damien.

laserlight

Yes, it is.

drawmack

yup all you've done is created a php function that turns globals on

doublehops

OK, thankyou. I thought that was the case but I was hoping to find a way to retrieve variables without doing it one by one.

Damien.

drawmack

<?php
$errors = '';
foreach(array_keys($_GET) as $key) {
    if(isset($$key)) {$errors .= "$key not coppied from get to aboid overwritting preexisting variable.<br />\n":}
    else {$$key = $_GET[$key];}
}
?>

But is it really that much harder to type $_GET['key'] then it is to type $key?

doublehops

Does that mean it's safe to use the following code from your example?

$errors = '';
foreach(array_keys($GET) as $key) {
if(isset($$key)) {$errors .= "$key not coppied from get to aboid overwritting preexisting variable.<br />\n":}
else {$$key = $GET[$key];}
}

$errors = '';
foreach(array_keys($POST) as $key) {
if(isset($$key)) {$errors .= "$key not coppied from get to aboid overwritting preexisting variable.<br />\n":}
else {$$key = $POST[$key];}
}