From: David Otton <[EMAIL PROTECTED]>
Date: Mon, Sep 03, 2001 at 03:21:00PM -0700
Message-ID: <[EMAIL PROTECTED]>
Subject: Re: [PHP] Problem with PHP_SELF
> On Mon, 03 Sep 2001 15:11:04 -0700, you wrote:
> Following up my own post (in case someone finds this in the archives):
> >Is there any situation where such variables would be available to
> >phpinfo(), but not the rest of the script?
> You can't see $PHP_SELF within a function until you declare it global.
> This language really frustrates me sometimes...
It's not so frustrating if you configure it correct. If you set
register_globals, you can just use 'm everywhere. It's not something
you should do, though. You can better use $HTTP_SERVER_VARS. It's
(some) safer. For those you don't need to turn on the
register_globals. Just turning on track_vars will do then. And from
PHP 4.0.3 you don't even need to do that.
<Quote from PHP manual>
These variables are created by PHP itself. The $HTTP_*_VARS
variables are available only if the track_vars configuration is
turned on. When enabled, the variables are always set, even if they
are empty arrays. This prevents a malicious user from spoofing these
Note: As of PHP 4.0.3, track_vars is always turned on, regardless of
the configuration file setting.
If the register_globals directive is set, then these variables will
also be made available in the global scope of the script; i.e.,
separate from the $HTTP_*_VARS arrays. This feature should be used
with care, and turned off if possible; while the $HTTP_*_VARS
variables are safe, the bare global equivalents can be overwritten
by user input, with possibly malicious intent. If you cannot turn
off register_globals, you must take whatever steps are necessary to
ensure that the data you are using is safe.
</Quote from PHP manual>
-- Renze Munnik
-- DataLink BV
-- E: [EMAIL PROTECTED]
-- W: +31 23 5326162
-- F: +31 23 5322144
-- M: +31 6 21811143
-- Stationsplein 82
-- 2011 LM HAARLEM
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]