Dale Robinson wrote:
> 
> Everyone seems to recommend turning off register_globals, but accessing them
> through $HTTP_POST_VARS["var_name"], gets tedious.
> 
> I haven't found a better solution (not to say there isn't one) than this
> small snippet.
> 
> The idea is to turn off "register_globals", as I believe is heavily
> recommended by the PHP team, and declare what variables you are expecting on
> a per script basis.
> Magic-quotes would also be off. Hopefully this makes all external variables
> safe.
> 
> I was hoping some experienced users would cast their eye over this and
> suggest any improvements, and comment if it is worth doing at all
> 
> define("ALLOWABLE_HTML_TAGS", "<B><H1>");
> 
> function use_ext_var($var_name, $var_location)
> {
>     global $$var_name, $$var_location;
> 
>     $$var_name = ${$var_location}[$var_name];
>     $$var_name = stripslashes($$var_name);
>     $$var_name = strip_tags($$var_name, ALLOWABLE_HTML_TAGS);
> 
> }
> 
> use_ext_var("sample_var", "HTTP_GET_VARS");
> print $sample_var;
> 
> How are other people handling this, or are most of you 'lazy' and just use
> globals :)
> 
> Regards
> 
> D Robinson

I was lazy but I've found turning globals off makes code easier to read
- If you've got HTTP_GET_VARS , HTTP_POST_VARS and session vars all in
one script - knowing where the variables are coming from makes it is
easier after coming back to your code months later, or when reading
someone elses code.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to