|
|
Posted by |-|erc on 10/19/05 12:04
"David Cartwright" <dscartwright@hotmail.com> wrote in ...
: "|-|erc" <h@r.c> wrote in message
: > OK, here's the start of the index file I'm working on and its used for
: > every page like so
: > index.php?action=register
: > index.php?action=logout
: > etc.
: > if ($action != "do_login")
: > {
: > $user = $_COOKIE['user'];
: > $pass = $_COOKIE['pass'];
: > if (verifyuser('', $pass,$user) == TRUE)
: > Nowhere in config or functions is $action defined, so how can this work?
:
: There is a PHP configuration directive (i.e. something you put in the config
: file) "register_globals" which allows any or all entities from forms (GET
: and POST), cookies, server internals and the local environment to appear to
: scripts just as if they're day-to-day script variables. As of PHP 4.2.0 this
: defaults to "off", though clearly you can turn it on if you so desire.
:
: I don't personally like implicit variable definitions like this, because
: variables can trample over one another and cause confusion (or even security
: problems) when what you thought was a local variable turns out to be a field
: from a form, or vice versa. The developers of PHP clearly don't like it
: either, as they've taken the conscious decision to turn it off.
:
: For a developer, a nicer way to go is the import_request_variables()
: function, which you can drop into your scripts to register form variables
: yourself. import_request_variables() allows you to prefix the variable names
: with a text string to allow you to distinguish them from other variables -
: so, for instance, everything I write has a import_request_variables() call
: that makes all my form variables appear as $form_blah, thus guaranteeing I'm
: not going to trample over local stuff by mistake.
:
great thanks, I just used import_request_variables("gpc"); and all the pages work now.
GET and POST are so simple to use anyway so I'll stick with them atleast for my own code.
Herc
Navigation:
[Reply to this message]
|