[Cialug] Slightly OT: register_globals in PHP & sessions
Bailey, Jonathan C
cialug@cialug.org
Wed, 5 Jan 2005 19:29:34 -0600
The problem I have is that its on the same server as other sites which I =
don't want to break. Is there any way just to keep anything in $_SESSION =
as being registered as a global?
Jon
-----Original Message-----
From: cialug-admin@cialug.org [mailto:cialug-admin@cialug.org]On Behalf
Of Tony Bibbs
Sent: Wednesday, January 05, 2005 7:26 PM
To: cialug@cialug.org
Subject: Re: [Cialug] Slightly OT: register_globals in PHP & sessions
You should turn register_globals off...having it on is a bad security=20
decision. If you want to get access to a get/post use the corresponding =
$_GET or $_POST superglobal.
i.e. if you post a form with a variable called 'state' to get it out and =
work with it in your script you'd have something like:
$stateGiven =3D $_POST['state'];
similarly, if your script accepts both post and get then you can simply=20
use $_REQUEST which contains all the values you'd find in $_POST and =
$_GET.
--Tony
Bailey, Jonathan C wrote:
>I currently have register_globals on so that get and post elements can =
be registered as variables. This has also set $_SESSION["whatever"] to =
just $whatever. How do I get it to make get/post as global, but access =
sessions through $_SESSION?
>
>
>
>--------------------
>Jonathan Bailey
>POS Analyst
>bailj0@bp.com
>(515) 226-5005
>
>_______________________________________________
>Cialug mailing list
>Cialug@cialug.org
>http://cialug.org/mailman/listinfo/cialug
> =20
>
_______________________________________________
Cialug mailing list
Cialug@cialug.org
http://cialug.org/mailman/listinfo/cialug