This is pretty straightforward. First, you really should know where your data comes from, only you know that:

  If it comes from GET, use $_GET
  If it comes from POST, use $_POST
  If it comes from COOKIE, use $_COOKIE
  If it comes from SERVER, use $_SERVER
  If it comes from ENV, use $_ENV
  If it comes from SESSION, use $_SESSION
  If it comes from FILES, use $_FILES

  If you could care less if it comes from GET, POST, or COOKIE
  and want to accept all three as one, use $_REQUEST

What's the question? So for example:

  http://www.example.com/index.php?id=42
  print $_GET['id'];

  print $_SERVER['PHP_SELF'];

  session_start();
  $_SESSION['somesessionvar'] = 'avalue';
  print $_SESSION['somesessionvar'];

  setcookie('foo', 'bar');
  print $_COOKIE['foo'];   // populated on the next request, once the browser sends the cookie back

  ...

Of course this doesn't make your script secure, but you will know where the variable comes from. Related manual pages are:

  http://us2.php.net/language.variables.predefined
  http://us2.php.net/language.variables.external
  http://us2.php.net/security.registerglobals

And before you blindly use these arrays inside strings, be sure to know how to do that:

  http://us2.php.net/language.types.string

And remember, users are evil.

Regards,
Philip

On Wed, 4 Jun 2003, Tony Crockford wrote:

> On this topic, could anyone point me to a good tutorial on how to
> convert from sloppy code that assumes register_globals is on to good,
> secure code that assumes register_globals is off.
>
> something that covers what to look for and what to change it to would be
> a great help.
>
> I've been learning by working with someone else's (we bought it) code
> and it won't run with register_globals off and I'd like it to.
>
> it makes use of sessions (an area I'm still struggling with) and passes
> a lot of variables from form to form, sometimes with post and sometimes
> with get.
>
> any suggestions would be much appreciated.
>
> I looked at the manual and googled a lot, but can't find a plain English
> guide to doing it right!
>
> Thanks
>
> Tony
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
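
Added example (not part of the original messages, and not the purchased script discussed in the thread): one way to convert a page that relied on register_globals so that each value is read from a single named source and validated. The helper names int_from and string_from, the field names, and the sample data are hypothetical; it assumes PHP 7.1 or later.

```php
<?php
// Added example, not code from the original thread.
// With register_globals on, the old script used $id, $comment and $user_id
// directly and could not tell which request source had filled them in.

/** Return a positive integer read from ONE named source array, or null. */
function int_from(array $source, string $key): ?int
{
    // filter_var() rejects missing values, arrays (?id[]=1), "42abc", 0 and negatives.
    $value = filter_var($source[$key] ?? null, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

/** Return a string read from ONE named source array, or '' if absent or not a string. */
function string_from(array $source, string $key): string
{
    return isset($source[$key]) && is_string($source[$key]) ? $source[$key] : '';
}

// Constructed sample data standing in for the superglobals so this runs from
// the command line. In a web request pass $_GET, $_POST and $_SESSION instead.
$get     = ['id' => '42', 'user_id' => '1']; // a user_id in the URL is ignored below
$post    = ['comment' => '<b>hi</b>'];
$session = ['user_id' => 7];                 // stored by the login code after session_start()

$id      = int_from($get, 'id');             // was: $id
$comment = string_from($post, 'comment');    // was: $comment
$userId  = int_from($session, 'user_id');    // was: $user_id, now read only from the session

if ($id === null || $userId === null) {
    exit("Bad request\n");
}

// Escape on output; knowing the source does not make the value safe to print.
echo 'Item ', $id, ' for user ', $userId, ': ',
     htmlspecialchars($comment, ENT_QUOTES, 'UTF-8'), "\n";
```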

