Hi, I am not sure I understand this... All the variables exist in $_GET, $_POST, $_COOKIES, $_FILES, so in the script I referenced them as such. I read my php.ini and the manual. The extract will bring all the assosciative array elements into the current symbol table. But if you do this, isn't there a risk of clobbering existing variables in use? If the PHP script exists on a server, and someone can figure out which variable names we're using, they may be able to override our variables and gain more control of the script than we want. Shouldn't we just abide by the default of leaving the data in the $_GET, $_POST, $_COOKIES, $_FILES arrays, and not override the default behaviour of disabling the register_globals, and so not risk compromising security?
Leif ----- Original Message ----- From: "Jeremy Wanamaker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 06, 2003 9:14 AM Subject: [Dynapi-Dev] dynapi.util.ioelement-postresponse.php > The dynapi.util.ioelement-postresponse.php example script will not work with > PHP versions > 4.2.0 because register globals are turned off by default. It > would probably be useful to add > > extract($_POST); > > before the echo in that file. I mention this because I spent about an hour > tracing through the rest of the code trying to figure out why the variables > weren't getting passed between php and javascript, only to discover that > they were. The simplest explanation is usually the correct one I guess. > > Jeremy > > > > ------------------------------------------------------- > This SF.Net email sponsored by: Free pre-built ASP.NET sites including > Data Reports, E-commerce, Portals, and Forums are available now. > Download today and enter to win an XBOX or Visual Studio .NET. > http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 > _______________________________________________ > Dynapi-Dev mailing list > [EMAIL PROTECTED] > http://www.mail-archive.com/[EMAIL PROTECTED]/ > > ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Dynapi-Dev mailing list [EMAIL PROTECTED] http://www.mail-archive.com/[EMAIL PROTECTED]/
