[RESOLVED] register_globals

jtmathome

I switched to a host that has register_globals off, help. How do I register my globals? Almost all of my scripts pass variables from page to page.

rkolbe

jtmathome wrote:
I switched to a host that has register_globals off, help. How do I register my globals? Almost all of my scripts pass variables from page to page.

$_SESSION

http://www.php.net/manual/en/ref.session.php

Houdini

$POST, $GET, $REQUEST $COOKIE see register_globals They should be off as they are bad Bad Bad. In PHP6 there will not even be an option about them being on or available, learn the proper way NOW

Weedpacket

This is also noted as Question One of the FAQ in the Newbies forum.
Another link to the manual: http://www.php.net/manual/en/language.variables.external.php (as these will also be affected)

jtmathome

Thanks for all the feedback. It's hard to believe that my old host (Yahoo!) has register_globals turned on with it being such a risk. I guess this will qualify as another reason why I changed hosts. Thanks again.

jtmathome

I keep trying with no luck. I've tried

print_r ($_REQUEST, true); but variables not recognised

This is what i'm trying to do:

page 1 has $Pet = "dog"; so I create a link like nextpage.php?Pet=$Pet and next page does not see pet.

Houdini

You have to

$_GET['pet'];

or do this
testpet.php

<?php
$pet="dog";
echo "Click here to see the <a href='http://localhost/pet.php?pet=$pet'>Pet of the Day</a>";
//Use your URL to your site unless using a localhost like in the above example
?>

pet.php

<?php
echo $_REQUEST['pet'];
// or try
echo $_GET['pet'];
?>

EPJS

Houdini wrote:
$POST, $GET, $REQUEST $COOKIE see register_globals They should be off as they are bad Bad Bad. In PHP6 there will not even be an option about them being on or available, learn the proper way NOW

Wouldn't those that you listed be Super Globals, and not Register Globals?

$_POST = Super Global = good
$HTTP_POST_VARS = Register Global = bad

jtmathome

Well I'm finally getting somewhere using...

$Var1 = $GET ['Var1'];
$Var2 = $POST ['Var2']; (From form POST method)
$Var3 = $_GET ['Var3'];

Would there be a single statement that could validate all variables at once? Now I have one heck of a lot of script re-writing to do. Thanks again.

Weedpacket

EPJS wrote:
$HTTP_POST_VARS = Register Global = bad

No,
$_POST = Super global = good
$HTTP_POST_VARS = ordinary variable, doesn't use register_globals = deprecated
$whatever = ordinary variable, uses register_globals = bad

mtmathome wrote:
Would there be a single statement that could validate all variables at once?

Depends on what "validate" means. Frankly, rewriting the script would be better since any temporary workarounds (e.g., [man]extract[/man]) would generally negate the reason for turning register_globals off in the first place.

jtmathome

So let me get this right... I may include something like this at the top of my .php page to initialize / validate my variable passed from a previous page...

$Amount = $REQUEST['Amount'];
$CheckNumber = $REQUEST['CheckNumber'];
$Description = $REQUEST['Description'];
$Description2 = $REQUEST['Description2'];
$KBytes = $REQUEST['KBytes'];
$Mode = $REQUEST['Mode'];
$Note = $REQUEST['Note'];
$Page = $REQUEST['Page'];
$Query = $REQUEST['Query'];
$Record = $REQUEST['Record'];
$Server = $REQUEST['Server'];
$Speed = $REQUEST['Speed'];
$TransDay = $REQUEST['TransDay'];
$TransMonth = $REQUEST['TransMonth'];
$TransYear = $REQUEST['TransYear'];
$Type = $REQUEST['Type'];
$User = $_REQUEST['User'];

bradgrafelman

Sure, if you wanted to generate warning messages. I usually do:

$var = (isset($_GET['var']) ? $_GET['var'] : '');

This has a few benefits:

No warning messages are generated - uses [man]isset/man to make sure the index exists before I try using it.
I can configure a 'default' value (e.g. null, "none", 0, FALSE, whatever).
I can do some data sanitization at the same time:

$name = (isset($_POST['name']) ? mysql_real_escape_string($_POST['name']) : 'No name');
// $name can now be safely used in SQL queries

jtmathome

How about this, I would like to use $REQUEST instead of $GET or $POST, if I could due to the fact that some of my data is GET (From URL) and some is POST (From Form), $REQUEST works for either.

$Description = (isset($REQUEST['Description']) ? $REQUEST['Description'] : '');
$Description2 = (isset($REQUEST['Description2']) ? $REQUEST['Description2'] : '');
$Page = (isset($REQUEST['Page']) ? $REQUEST['Page'] : '');

wilku

If you don't mind whether some varible comes from get, post or cookie it's probably ok.