On Wed, Oct 28, 2009 at 1:27 PM, tedd <t...@sperling.com> wrote:
> Hi gang:
> I am reviewing some old code (circa 2003) where the programmer had one
> script call another and placed variable values in the URL, like so:
>    <a href="user_edit.php?user_id=5223&action=edit">
> That seems innocent enough. However, in the called script (i.e.,
> "user_edit.php") there are no:
>    $user_id = $_GET['user_id'];
>    $action = $_GET['action'];
> statements to populate the variables, yet the variables get populated with
> the values sent!?!
> How did he do that?
> Incidentally, he did have in the .htaccess file the statement:
>   php_flag register_globals 1
> So I figure that Globals have something to do with it, but I never use
> Globals. And if I print_r $GLOBALS, I find that user_id and action are
> listed (many times), but I don't see how that works.
> Furthermore, something got changed and the entire script no longer works. So
> I'm in a quandary to figure this out -- any ideas, suggestions, references?
> Thanks,
> tedd

That's exactly what register_globals does. It's analogous to
prepending your scripts with this:




(The order would be determined by the ini directive variables_order)


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to