1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. To combat forum spam, new accounts will need to make at least one (valid) post.
    Otherwise, we will periodically purge all users without posts or that haven't confirmed their account.

PHP.ini Globals = OFF

Discussion in 'General Support' started by treefrog, Dec 30, 2002.

Thread Status:
Not open for further replies.
  1. if globals are set to "off" (which is set that way by default on newer versions of PHP), you have to modify the script. Having globals set to on isn't necessarily bad, but...it's better to write your scripts to accomodate this. Here's an example:

    old way:
    Code:
    
    if (!$variable) $variable = "something";
    
    
    better (and more secure) way:
    Code:
    
    if (!isset($_GET['variable'])) {
    
        $variable = "something";
    
    } else {
    
        $variable = $_GET['variable'];
    
    }
    
    
    Although this makes the code bigger, it's more secure because it helps to prevent a malicious user from passing stuff to your script via a form or something. You can even go further by validating the data that's in the URL by checking what type of data is being sent (to add more security) like this:
    Code:
    
    if (isset($_GET['uc'])) {
    
        if (is_numeric($_GET['uc'])) {
    
            $uc = $_GET['uc'];
    
        } else {
    
            $uc = 0;
    
        }
    
    } else {
    
        $uc = 0;
    
    }
    
    
    This is more of a suggestion than a bug, but I am having to re-do a bunch of the code so that it will work with register_globals = off in my php.ini

    Treefrog
Thread Status:
Not open for further replies.

Share This Page