Simple solution to make sure the variables are POST
somepage.php?var_1=asd&var_2=qwe&var_3=zxc
<?
$var_1 = $HTTP_POST_VARS['var_1'];
$var_2 = $HTTP_POST_VARS['var_2'];
$var_3 = $HTTP_POST_VARS['var_3'];
?>
This way var_1, var_2, var_3 will always be POST vars and you can still
access them through $var_1, $var_2, $var_3.
Ramus had a good note though: don't think just because it's not a GET or
Cookie var that a user can't whip up a simple HTML POST page in about 10 sec.
Chris Lee
Mediawaveonline.com
"Dale Robinson" <[EMAIL PROTECTED]> wrote in message
news:000d01c083e1$54610aa0$0201a8c0@celery...
> Everyone seems to recommend turning off register_globals, but accessing them
> through $HTTP_POST_VARS["var_name"] gets tedious.
>
> I haven't found a better solution (not to say there isn't one) than this
> small snippet.
>
> The idea is to turn off "register_globals", as I believe is heavily
> recommended by the PHP team, and declare what variables you are expecting
> on a per script basis.
> Magic-quotes would also be off. Hopefully this makes all external
> variables safe.
>
> I was hoping some experienced users would cast their eye over this and
> suggest any improvements, and comment if it is worth doing at all.
>
> define("ALLOWABLE_HTML_TAGS", "<B><H1>");
>
> function use_ext_var($var_name, $var_location)
> {
>     global $$var_name, $$var_location;
>
>     $$var_name = ${$var_location}[$var_name];
>     $$var_name = stripslashes($$var_name);
>     $$var_name = strip_tags($$var_name, ALLOWABLE_HTML_TAGS);
> }
>
> use_ext_var("sample_var", "HTTP_GET_VARS");
> print $sample_var;
>
> How are other people handling this, or are most of you 'lazy' and just use
> globals :)
>
> Regards
>
> D Robinson
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
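
One way to do the per-script declaration of expected variables discussed above while treating POST data as user-controlled, shown as an added example that is not part of the original messages. It assumes current PHP (7.1+), where `$_POST` replaces `$HTTP_POST_VARS`; the helper `read_expected()` and the rules in `EXPECTED` are hypothetical.

```php
<?php
// Added example, not code from the thread. The rules in EXPECTED are assumptions.
// Inputs this script expects: name => [filter_var() filter id, its options].
const EXPECTED = [
    'var_1' => [FILTER_VALIDATE_INT,    ['min_range' => 1, 'max_range' => 1000]],
    'var_2' => [FILTER_VALIDATE_REGEXP, ['regexp' => '/\A[a-z0-9_]{1,16}\z/i']],
    'var_3' => [FILTER_VALIDATE_INT,    ['min_range' => 0, 'max_range' => 100]],
];

/**
 * Read only the declared fields from one request array and validate each.
 * Returns [clean values keyed by name, names that were missing or invalid].
 */
function read_expected(array $source, array $spec): array
{
    $clean = [];
    $rejected = [];
    foreach ($spec as $name => [$filter, $options]) {
        // A missing key or an array value (var_3[]=x) is rejected, not coerced.
        if (!isset($source[$name]) || !is_string($source[$name])) {
            $rejected[] = $name;
            continue;
        }
        $value = filter_var($source[$name], $filter, ['options' => $options]);
        if ($value === false) {
            $rejected[] = $name;
        } else {
            $clean[$name] = $value;
        }
    }
    return [$clean, $rejected];
}

// Constructed sample of what a hand-built form could POST to somepage.php.
// In a real script pass $_POST, the current name for $HTTP_POST_VARS.
$post = [
    'var_1' => '42',
    'var_2' => 'qwe<b>zxc</b>',   // markup where a short token is expected
    'var_3' => ['zxc'],           // sent as var_3[]=zxc
    'var_4' => 'undeclared',      // not in EXPECTED, so never read
];

[$clean, $rejected] = read_expected($post, EXPECTED);
// Escape at output time rather than relying on strip_tags() at input time.
foreach ($clean as $name => $value) {
    echo htmlspecialchars("$name=$value", ENT_QUOTES, 'UTF-8'), "\n";
}
echo 'rejected: ', implode(', ', $rejected), "\n";
```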