Re: How is this possible?


Re: How is this possible?

by David Otton


2009/10/28 tedd <tedd@...>:
>
> Hi gang:
>

http://php.net/manual/en/security.globals.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: How is this possible?

by Adam Randall


I don't do this personally, but you can probably get your script
working by doing something like this:

foreach( $_GET as $k => $v ) $$k = $v; // variable variable: creates $user_id, $action, ... from the query string

You would put that at the top of your page, but be aware that it
allows other people to set variables on your page (just like register
globals does).

If you want to do basic sanitization to your incoming values, such as
trimming them, you can do something like this too:

foreach( $_GET as $k => $v ) $$k = trim( $v ); // same, but with leading/trailing whitespace removed

None of this is best practices, FYI.

Adam.

On Wed, Oct 28, 2009 at 10:29 AM, David Otton
<phpmail@...> wrote:

> 2009/10/28 tedd <tedd@...>:
>>
>> Hi gang:
>>
>
> http://php.net/manual/en/security.globals.php
--
Adam Randall
http://www.xaren.net
AIM: blitz574



Re: How is this possible?

by Andrew Ballard


On Wed, Oct 28, 2009 at 1:27 PM, tedd <tedd@...> wrote:

> Hi gang:
>
> I am reviewing some old code (circa 2003) where the programmer had one
> script call another and placed variable values in the URL, like so:
>
>    <a href="user_edit.php?user_id=5223&action=edit">
>
> That seems innocent enough. However, in the called script (i.e.,
> "user_edit.php") there are no:
>
>    $user_id = $_GET['user_id'];
>    $action = $_GET['action'];
>
> statements to populate the variables, yet the variables get populated with
> the values sent!?!
>
> How did he do that?
>
> Incidentally, he did have in the .htaccess file the statement:
>
>   php_flag register_globals 1
>
> So I figure that Globals have something to do with it, but I never use
> Globals. And if I print_r $GLOBALS, I find that user_id and action are
> listed (many times), but I don't see how that works.
>
> Furthermore, something got changed and the entire script no longer works. So
> I'm in a quandary to figure this out -- any ideas, suggestions, references?
>
> Thanks,
>
> tedd
>

That's exactly what register_globals does. It's analogous to
prepending your scripts with this:

<?php

// each extract() turns every key of the array into a global variable of that name
extract($_GET);
extract($_POST);
extract($_COOKIE);
extract($_SESSION);

?>

(The order would be determined by the ini directive variables_order)

Andrew

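The following is an added example, not code from any message in this thread. It emulates in PHP what register_globals (and Adam's foreach/$$k one-liner above) did for you, using the G, P and C portion of variables_order as Andrew describes, and then shows the consequence a security reviewer cares about: a script that assigns $authorized only on the login-success path can be entered with ?authorized=1, and a cookie named user_id can overwrite the user_id from the query string. The request arrays, the demo credential and the function names are constructed for the example.

```php
<?php
// Added example, not code from this thread: emulate what register_globals
// (or "foreach ($_GET as $k => $v) $$k = $v;") does, show the authorisation
// bypass it enables, and show the explicit alternative.
// The request arrays below are constructed sample input, not real traffic.

// Merge the G, P and C sources in variables_order precedence: a later source
// overwrites an earlier one, so with the default "GPC" ordering a cookie named
// user_id silently replaces the user_id that came from the query string.
function register_globals_merge(array $get, array $post, array $cookie, string $order = 'GPC'): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged  = [];
    foreach (str_split($order) as $letter) {
        if (isset($sources[$letter])) {
            $merged = array_merge($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Vulnerable pattern: $authorized is assigned only on the success path and is
// never initialised. extract() stands in for register_globals, which had
// already created $authorized from ?authorized=1 before the first line ran.
function vulnerable_page(array $registered): string
{
    extract($registered);
    if (isset($username, $password) && $username === 'admin' && $password === 'demo-secret') {
        $authorized = true;
    }
    if (!empty($authorized)) {
        return 'admin panel, editing user_id=' . ($user_id ?? 'none');
    }
    return 'denied';
}

// Hardened pattern: every variable is initialised, each input is read from the
// superglobal it is expected in, and user_id is validated as an integer.
function hardened_page(array $get, array $post): string
{
    $authorized = false;
    $username   = (string) ($post['username'] ?? '');
    $password   = (string) ($post['password'] ?? '');
    if ($username === 'admin' && hash_equals('demo-secret', $password)) {
        $authorized = true;
    }
    $user_id = filter_var($get['user_id'] ?? '', FILTER_VALIDATE_INT);
    if (!$authorized || $user_id === false) {
        return 'denied';
    }
    return 'admin panel, editing user_id=' . $user_id;
}

// 1. The attack: no credentials at all, just ?user_id=5223&action=edit&authorized=1
$attack = register_globals_merge(
    ['user_id' => '5223', 'action' => 'edit', 'authorized' => '1'], [], []
);
echo 'vulnerable: ', vulnerable_page($attack), "\n";
echo 'hardened:   ', hardened_page(['user_id' => '5223'], []), "\n";

// 2. Source precedence: a cookie clobbers the query-string value of the same name.
$clobbered = register_globals_merge(['user_id' => '5223'], [], ['user_id' => '1']);
echo 'user_id after GPC merge: ', $clobbered['user_id'], "\n";

// 3. tedd's collision, in miniature: register_globals populated $user_id from
//    the URL at startup, then a preceding script assigned its own $user_id, so
//    user_edit.php saw the script's value instead of the URL's.
extract($attack);                 // what register_globals did: $user_id is now '5223'
$user_id = 42;                    // the calling script's own variable clobbers it
echo 'user_edit.php sees user_id=', $user_id, "\n";
```

Run it with the php command-line binary; it needs no web server. The point of comparing vulnerable_page() with hardened_page() is that the fix is not to trim or "sanitise" the registered variables, as the foreach/trim variant above does, but to initialise every variable yourself and to read each input explicitly from the superglobal it is expected in, so a query parameter can never become an authorisation flag.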


Re: How is this possible?

by Ashley Sheridan


On Wed, 2009-10-28 at 13:47 -0400, Andrew Ballard wrote:

> On Wed, Oct 28, 2009 at 1:27 PM, tedd <tedd@...> wrote:
> > Hi gang:
> >
> > I am reviewing some old code (circa 2003) where the programmer had one
> > script call another and placed variable values in the URL, like so:
> >
> >    <a href="user_edit.php?user_id=5223&action=edit">
> >
> > That seems innocent enough. However, in the called script (i.e.,
> > "user_edit.php") there are no:
> >
> >    $user_id = $_GET['user_id'];
> >    $action = $_GET['action'];
> >
> > statements to populate the variables, yet the variables get populated with
> > the values sent!?!
> >
> > How did he do that?
> >
> > Incidentally, he did have in the .htaccess file the statement:
> >
> >   php_flag register_globals 1
> >
> > So I figure that Globals have something to do with it, but I never use
> > Globals. And if I print_r $GLOBALS, I find that user_id and action are
> > listed (many times), but I don't see how that works.
> >
> > Furthermore, something got changed and the entire script no longer works. So
> > I'm in a quandary to figure this out -- any ideas, suggestions, references?
> >
> > Thanks,
> >
> > tedd
> >
>
> That's exactly what register_globals does. It's analogous to
> prepending your scripts with this:
>
> <?php
>
> extract($_GET);
> extract($_POST);
> extract($_COOKIE);
> extract($_SESSION);
>
> ?>
>
> (The order would be determined by the ini directive variables_order)
>
> Andrew
>


Register globals is evil; somewhere between M$ and the chocolates that
are always left over in the Xmas tin that nobody likes. Best bet is to
try and steer the system away from its dependency on this old
directive.

Thanks,
Ash
http://www.ashleysheridan.co.uk



Re: How is this possible? [Solved]

by tedd


To all:


I found the problem, which basically was that I had declared a
variable in a preceding script with the same name, namely $user_id.

When I changed my script to $u_id, everything worked as before.
Clearly, Globals are evil.

It's a bitch to have to work with code you can't change unless you
are willing to edit over 1500 files.

Many thanks for all input and suggestions.

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com



RE: How is this possible? [Solved]

by Bob McConnell


From: tedd

> I found the problem, which basically was that I had declared a
> variable in a preceding script with the same name, namely $user_id.
>
> When I changed my script to $u_id, everything worked as before.
> Clearly, Globals are evil.
>
> It's a bitch to have to work with code you can't change unless you
> are willing to edit over 1500 files.

Just keep in mind that register_globals is deprecated and will be going
away in a future release of PHP. You might want to start thinking about
a strategy to update those files before that happens.

Bob McConnell



Re: How is this possible? [Solved]

by Robert Cummings


Bob McConnell wrote:

> From: tedd
>
>> I found the problem, which basically was that I had declared a
>> variable in a preceding script with the same name, namely $user_id.
>>
>> When I changed my script to $u_id, everything worked as before.
>> Clearly, Globals are evil.
>>
>> It's a bitch to have to work with code you can't change unless you
>> are willing to edit over 1500 files.
>
> Just keep in mind that register_globals is deprecated and will be going
> away in a future release of PHP. You might want to start thinking about
> a strategy to update those files before that happens.
>
> Bob McConnell

I don't think his problem was register_globals, I think it was the other
problem of globals... namely variable naming collision causing value
clobber.

Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP



Re: How is this possible? [Solved]

by tedd


At 2:48 PM -0400 10/28/09, Robert Cummings wrote:

>Bob McConnell wrote:
>>From: tedd
>>
>>>I found the problem, which basically was that I had declared a
>>>variable in a preceding script with the same name, namely $user_id.
>>>
>>>When I changed my script to $u_id, everything worked as before.
>>>Clearly, Globals are evil.
>>>
>>>It's a bitch to have to work with code you can't change unless you
>>>are willing to edit over 1500 files.
>>
>>Just keep in mind that register_globals is deprecated and will be going
>>away in a future release of PHP. You might want to start thinking about
>>a strategy to update those files before that happens.
>>
>>Bob McConnell
>
>I don't think his problem was register_globals, I think it was the
>other problem of globals... namely variable naming collision causing
>value clobber.
>
>Cheers,
>Rob.


Rob:

You were exactly right -- it was a collision.

Now, if I can only find out why header("location:.."); stopped working.

Sometimes old code presents a lot of problems to solve.

Thanks,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com



Re: How is this possible? [Solved]

by Jim Lucas


tedd wrote:

> At 2:48 PM -0400 10/28/09, Robert Cummings wrote:
>> Bob McConnell wrote:
>>> From: tedd
>>>
>>>> I found the problem, which basically was that I had declared a
>>>> variable in a preceding script with the same name, namely $user_id.
>>>>
>>>> When I changed my script to $u_id, everything worked as before.
>>>> Clearly, Globals are evil.
>>>>
>>>> It's a bitch to have to work with code you can't change unless you
>>>> are willing to edit over 1500 files.
>>>
>>> Just keep in mind that register_globals is deprecated and will be going
>>> away in a future release of PHP. You might want to start thinking about
>>> a strategy to update those files before that happens.
>>>
>>> Bob McConnell
>>
>> I don't think his problem was register_globals, I think it was the
>> other problem of globals... namely variable naming collision causing
>> value clobber.
>>
>> Cheers,
>> Rob.
>
>
> Rob:
>
> You were exactly right -- it was a collision.
>
> Now, if I can only find out why header("location:.."); stopped working.
>
> Sometimes old code presents a lot of problems to solve.
>
> Thanks,
>
> tedd
>

I would use headers_sent() to find out if the headers have been sent before
calling header()


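As an added example for the headers_sent() check Jim suggests (not code from any message in this thread), here is a small redirect helper. It refuses to call header() once output has started, logs the file and line where that output began, and also refuses targets that would turn a header("Location: ...") fed from user input into an open redirect or a header injection. The allow-listed host, the function names and the sample targets are constructed for the demo.

```php
<?php
// Added example, not code from this thread: a redirect helper that checks
// headers_sent() before calling header(), reports where stray output began,
// and refuses targets that would make the redirect itself an attack vector.
// The allowed host list and the sample targets are constructed for the demo.

// Accept only a site-relative path or an http(s) URL on an allow-listed host.
function redirect_target_allowed(string $target, array $allowedHosts): bool
{
    if (preg_match('/[\r\n]/', $target)) {          // CRLF: header injection attempt
        return false;
    }
    $parts = parse_url($target);
    if ($parts === false) {
        return false;
    }
    if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;                                // javascript:, data:, ...
    }
    if (isset($parts['host'])) {                     // also catches "//evil.example/"
        return in_array(strtolower($parts['host']), $allowedHosts, true);
    }
    return isset($parts['path']) && substr($parts['path'], 0, 1) === '/';
}

function safe_redirect(string $target, array $allowedHosts, int $status = 302): bool
{
    if (!redirect_target_allowed($target, $allowedHosts)) {
        error_log("refused redirect to unsafe target: $target");
        return false;
    }
    if (headers_sent($file, $line)) {
        // Typical causes: whitespace or a UTF-8 BOM before "<?php", or an echo
        // in an included file. headers_sent() tells you exactly where it began.
        error_log("cannot redirect to $target: output already started at $file:$line");
        return false;
    }
    header('Location: ' . $target, true, $status);
    return true;
}

// Constructed demo targets: the first two should be allowed, the rest refused.
$hosts = ['www.example.com'];
$targets = [
    '/user_list.php',
    'https://www.example.com/user_list.php',
    '//evil.example/',
    'javascript:alert(1)',
    "/ok\r\nSet-Cookie: x=1",
];
foreach ($targets as $t) {
    echo json_encode($t), ' => ', redirect_target_allowed($t, $hosts) ? 'allowed' : 'refused', "\n";
}
```

In a real page call safe_redirect('/user_list.php', ['www.example.com']) and exit immediately afterwards, because header() does not stop the script; the code after it still runs and, under register_globals, still sees every request variable.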