Hi gang:

I am reviewing some old code (circa 2003) where the programmer had one script call another and placed variable values in the URL, like so:

    <a href="user_edit.php?user_id=5223&action=edit">

That seems innocent enough. However, in the called script (i.e., "user_edit.php") there are no:

    $user_id = $_GET['user_id'];
    $action = $_GET['action'];

statements to populate the variables, yet the variables get populated with the values sent!?!

How did he do that?

Incidentally, he did have in the .htaccess file the statement:

   php_flag register_globals 1

So I figure that Globals have something to do with it, but I never use Globals. And if I print_r $GLOBALS, I find that user_id and action are listed (many times), but I don't see how that works.

Furthermore, something got changed and the entire script no longer works. So I'm in a quandary to figure this out -- any ideas, suggestions, references?



http://sperling.com  http://ancientstones.com  http://earthstones.com

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to