> session_start();
> while ( list($name,$value) = each($HTTP_POST_VARS)) {
>     if (is_array($value)) {
>         for($x=0;$x<count($value);$x++) {
>             session_register('$name');

No.  This will register a variable whose name is literally '$name' over and
over, which (A) is not what you want and (B) $name isn't a valid varible
name anyway.

Lose the ''s

Also, you only need to session_register $name once, outside the loop, not
umpteen times.

>             $$name = $value[$x];

I think you need $$name[$x] here...  You're blowing away all your arrays
with scalars, otherwise...

>         }
>     } else {
>         session_register('$name');

Same thing about '$name' here.

>         $$name = $value;
>     }
> }

> Can anyone help me on this ?

This sounds like a pretty weird thing to do...  Do you *REALLY* have that
many POST variables and you want them *ALL* registered?

> Also what is register_globals ?? Should I have this on or off ?

If it's off, you are stuck with using $HTTP_POST_VARS and $HTTP_SESSION_VARS
and $HTTP_GET_VARS all the time -- $name will not exist unless you
explicitly set it.

The alleged "increase" in security from turning this off is quite debatable
since the real issue is about not using variables you haven't initialized
(turn on E_ALL) and never trusting user input.

The speed-up is probably not measurable unless you have an insanely high
number of variables you are POST/GET/COOKIE-ing back and forth, which is
wrong anyway.

See PHP-DEV archives for details, since somebody erased my user-contributed
notes to the web page. :-^

WARNING [EMAIL PROTECTED] address is an endangered species -- Use
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to