1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. To combat forum spam, we are temporarily disabling the ability to create new accounts for the forums. Please feel free to open a support ticket through out client area with any support issues. You can also search the forums for answers to many questions.

PHP.ini Globals = OFF

Discussion in 'General Support' started by treefrog, Dec 30, 2002.

Thread Status:
Not open for further replies.
  1. treefrog

    treefrog New Member

    if globals are set to "off" (which is set that way by default on newer versions of PHP), you have to modify the script. Having globals set to on isn't necessarily bad, but...it's better to write your scripts to accomodate this. Here's an example:

    old way:
    Code:
    
    if (!$variable) $variable = "something";
    
    
    better (and more secure) way:
    Code:
    
    if (!isset($_GET['variable'])) {
    
        $variable = "something";
    
    } else {
    
        $variable = $_GET['variable'];
    
    }
    
    
    Although this makes the code bigger, it's more secure because it helps to prevent a malicious user from passing stuff to your script via a form or something. You can even go further by validating the data that's in the URL by checking what type of data is being sent (to add more security) like this:
    Code:
    
    if (isset($_GET['uc'])) {
    
        if (is_numeric($_GET['uc'])) {
    
            $uc = $_GET['uc'];
    
        } else {
    
            $uc = 0;
    
        }
    
    } else {
    
        $uc = 0;
    
    }
    
    
    This is more of a suggestion than a bug, but I am having to re-do a bunch of the code so that it will work with register_globals = off in my php.ini

    Treefrog
     
Thread Status:
Not open for further replies.

Share This Page