[Cialug] Slightly OT: register_globals in PHP & sessions

Bailey, Jonathan C cialug@cialug.org
Wed, 5 Jan 2005 19:29:34 -0600


The problem I have is that its on the same server as other sites which I =
don't want to break. Is there any way just to keep anything in $_SESSION =
as being registered as a global?


Jon


-----Original Message-----
From: cialug-admin@cialug.org [mailto:cialug-admin@cialug.org]On Behalf
Of Tony Bibbs
Sent: Wednesday, January 05, 2005 7:26 PM
To: cialug@cialug.org
Subject: Re: [Cialug] Slightly OT: register_globals in PHP & sessions


You should turn register_globals off...having it on is a bad security=20
decision.  If you want to get access to a get/post use the corresponding =

$_GET or $_POST superglobal.

i.e. if you post a form with a variable called 'state' to get it out and =

work with it in your script you'd have something like:

$stateGiven =3D $_POST['state'];

similarly, if your script accepts both post and get then you can simply=20
use $_REQUEST which contains all the values you'd find in $_POST and =
$_GET.

--Tony

Bailey, Jonathan C wrote:

>I currently have register_globals on so that get and post elements can =
be registered as variables. This has also set $_SESSION["whatever"] to =
just $whatever. How do I get it to make get/post as global, but access =
sessions through $_SESSION?
>
>
>
>--------------------
>Jonathan Bailey
>POS Analyst
>bailj0@bp.com
>(515) 226-5005
>
>_______________________________________________
>Cialug mailing list
>Cialug@cialug.org
>http://cialug.org/mailman/listinfo/cialug
> =20
>

_______________________________________________
Cialug mailing list
Cialug@cialug.org
http://cialug.org/mailman/listinfo/cialug