Note again that we should not see this change for what it isn't - it *is* 
going to be a painful move for those who actually do it.  The reason for 
this is that register_globals=on silently encouraged writing of faulty 
code.  In turn, this means that people would have to go over their code in 
order to fix these issues, and no automated way of any kind can help.  The 
import_globals with prefix globbing can make the migration slightly less 
painful, because you can just add a common prefix to all of your variables 
instead of converting them to array index references, but you still have to 
go over all of your code if you actually want to review it for this issue.

That said, as I've been arguing in the last few days, this change is well 
worth the pain it'd cause.

As a matter of fact, I think that the easiest API would actually be instead 
of a prefix globbing, the 2nd argument of import_globals() would actually 
force a prefix onto the variable name.  I.e.,

import_globals("GPC", "form_");

would register all of the GPC variables with a form_ prefix, e.g., <input 
name="foo"> will end up being

import_globals("GPC", "");
would work, but generate an E_NOTICE

I think that would actually be easier than the pattern matching approach, 
because using this method, the users only have to change their form 
handling scripts, whereas using the glob approach, they also have to change 
their forms.


At 04:20 29/07/2001, Jeffrey A.Stuart wrote:
>I like this proposal a LOT!  See, what I and a few of my friends have recently
>been doing is starting to teach PHP to website owners.  And they have all been
>taking to it VERY WELL!!!  (Actually Rasmus, you may remember this.  You were
>interviewed by TDavid of Scriptschool about 8 months or so ago I think it was.
>(I'm FurBall FYI. :)) Well, he sat down and did a 16 week course late last
>year on PHP.  It was VERY well recevied by many people!)  So more and more non
>programmers are starting to use PHP.  This proposal will allow them to
>"relativly" painlessly migrate their code to a safer way of coding.
>On Sat, 28 Jul 2001 22:17:42 -0700 (PDT), [EMAIL PROTECTED] (Rasmus Lerdorf)
>[...text of proposal deleted...]
>Jeff Stuart
>PHP Development Mailing List <>
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]

Zeev Suraski <[EMAIL PROTECTED]>
CTO &  co-founder, Zend Technologies Ltd.

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to