Posted by Chuck Anderson on 10/25/06 20:00
Geoff wrote:
>> I urge you to fix this, but in the meanwhile:
>> extract($_GET);
>> --
>> Rik Wasmus
>>
>
> What is the new way to do this?
> I've read through the link you gave me but it isn't completely clear to
> me.
>
> Geoff
>
>
Quick and dirty:
Use a text editor to include a script at the very beginning of every php
file:
<?php
include 'extractor.php';
?>
Put this in extractor.php:
<?php
if (is_array($_GET))
{
    foreach ($_GET as $xxkey => $xxvalue)
    {
        $$xxkey = $xxvalue;
    }
}
?>
(Note: 'xx' is added to the var name to try and keep the var names
unique; otherwise, if you have passed a GET variable with the same name
($key or $value), it would be overwritten by the next iteration of the
foreach.)
This should get you working, but then I advise you to go back and add
some real injection prevention functions at the beginning of routines
that need them.
--
*****************************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
*****************************
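
Added example, not part of the post above: the extractor.php loop defines a global variable for every key in the query string, including names the script relies on internally. A sketch of an allowlist import that only accepts expected parameters, assuming PHP 7+ and the hypothetical parameter names `page` and `sort`:

```php
<?php
// Added example: allowlist import in place of the extractor.php loop.
// Parameter names and rules are hypothetical; define them per script.

// Return only the parameters named in $spec, validated and typed.
// Keys not in $spec are ignored, so a request cannot create variables.
function import_params(array $source, array $spec): array
{
    $clean = [];
    foreach ($spec as $name => $rule) {
        $raw = $source[$name] ?? null;
        $clean[$name] = $rule['default'];
        // Missing values and arrays (?page[]=1) keep the default.
        if (!is_string($raw)) {
            continue;
        }
        if ($rule['type'] === 'int') {
            $v = filter_var($raw, FILTER_VALIDATE_INT, [
                'options' => ['min_range' => $rule['min'], 'max_range' => $rule['max']],
            ]);
            if ($v !== false) {
                $clean[$name] = $v;
            }
        } elseif ($rule['type'] === 'enum') {
            if (in_array($raw, $rule['values'], true)) {
                $clean[$name] = $raw;
            }
        }
    }
    return $clean;
}

// Constructed sample standing in for $_GET from the request
// ?page=3&sort=name&is_admin=1&config[debug]=1
$sample = ['page' => '3', 'sort' => 'name', 'is_admin' => '1', 'config' => ['debug' => '1']];

$spec = [
    'page' => ['type' => 'int', 'min' => 1, 'max' => 1000, 'default' => 1],
    'sort' => ['type' => 'enum', 'values' => ['name', 'date'], 'default' => 'date'],
];

// Read values from $params instead of from auto-created globals.
$params = import_params($sample, $spec);
var_dump($params);
```

Values that later reach SQL or HTML still need parameterised queries and output escaping at the point of use.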