Dale Robinson wrote:
>
> Everyone seems to recommend turning off register_globals, but accessing them
> through $HTTP_POST_VARS["var_name"], gets tedious.
>
> I haven't found a better solution (not to say there isn't one) than this
> small snippet.
>
> The idea is to turn off "register_globals", as I believe is heavily
> recommended by the PHP team, and declare what variables you are expecting on
> a per script basis.
> Magic-quotes would also be off. Hopefully this makes all external variables
> safe.
>
> I was hoping some experienced users would cast their eye over this and
> suggest any improvements, and comment if it is worth doing at all
>
> define("ALLOWABLE_HTML_TAGS", "<B><H1>");
>
> function use_ext_var($var_name, $var_location)
> {
> global $$var_name, $$var_location;
>
> $$var_name = ${$var_location}[$var_name];
> $$var_name = stripslashes($$var_name);
> $$var_name = strip_tags($$var_name, ALLOWABLE_HTML_TAGS);
>
> }
>
> use_ext_var("sample_var", "HTTP_GET_VARS");
> print $sample_var;
>
> How are other people handling this, or are most of you 'lazy' and just use
> globals :)
>
> Regards
>
> D Robinson
I was lazy but I've found turning globals off makes code easier to read
- If you've got HTTP_GET_VARS , HTTP_POST_VARS and session vars all in
one script - knowing where the variables are coming from makes it is
easier after coming back to your code months later, or when reading
someone elses code.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
