Welcome to dbFreaks.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Tip about register globals set to "on"

  
   Database Help (Home) -> PHP RSS
Next:  How to install ACE engine on XP SP2?  
Author Message
sheldonlg

External


Since: Feb 28, 2008
Posts: 907



(Msg. 1) Posted: Sun Oct 12, 2008 7:57 am
Post subject: Tip about register globals set to "on"
Archived from groups: comp>lang>php (more info?)
I did some coding on a site where register_globals is set to on. The
problem I encountered was that the session variable changed without my
changing it explicitly. I knew that in register globals being on, that
all the variables were global variables. What I didn't realize was that
it set up an equivalence such that the variable is an alias for the
session variable with the key name of that variable. That is,
$_SESSION['key'] is the same as $key.

I got around the problem by changing the key of the the session variable
to something unique.

Here is a little test script:
<?php
session_start();
$_SESSION['company'] = 'This';
print '1: ' . $_SESSION['company'] . '<br>';
$company = 0;
print '2: ' . $_SESSION['company'] . '<br>';
$_SESSION['company'] = 'This';
print '3: ' . $_SESSION['company'] . '<br>';
$company = 'That';
print '4: ' . $_SESSION['company'];
$foo = 'Foo';
print '5: ' . $_SESSION['foo'] . '<br>';
?>

Here is the output:
1: This
2: 0
3: This
4: That
5: Foo

 >> Stay informed about: Tip about register globals set to "on" 
Back to top
Login to vote
macca

External


Since: Dec 07, 2007
Posts: 60



(Msg. 2) Posted: Sun Oct 12, 2008 11:46 am
Post subject: Re: Tip about register globals set to "on" [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
What's the question?

I would recommend against using register_globals anyway. The directive
is deprecated and due for removal as of PHP 6 as it has security
vulnerabilities.

 >> Stay informed about: Tip about register globals set to "on" 
Back to top
Login to vote
sheldonlg

External


Since: Feb 28, 2008
Posts: 907



(Msg. 3) Posted: Sun Oct 12, 2008 7:26 pm
Post subject: Re: Tip about register globals set to "on" [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
macca wrote:
> What's the question?

Read the subject title! I am passing on a little personal experience,
and not asking a question.

>
> I would recommend against using register_globals anyway. The directive

I agree totally, however it is not always under our control to make that
decision. Many places will not change because it would break too many
existing applications.

> is deprecated and due for removal as of PHP 6 as it has security
> vulnerabilities.

.....and that might hinder acceptance of PHP 6 if it will force turning
it off. That is for the reason I gave above.

>
 >> Stay informed about: Tip about register globals set to "on" 
Back to top
Login to vote
Display posts from previous:   
   Database Help (Home) -> PHP All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]