>1) $GLOBALS, Where does this come from and where does this goes to?  I
>noticed there is no variable declaration for this, so I just know that it is
>part of PHP codes, although I haven't figure out what is it part of.

Every variable you assign, change, or unset, or that comes in from the
outside world, is in $GLOBALS.

$GLOBALS is PHP's internal array of all variables with their values.

Mucking directly with $GLOBALS in any way shape or form is almost-for-sure a
Bad Idea (tm).

[There are exceptions to this rule...  If you know what you're doing well
enough to be doing those exceptions, go for it.]

>2) What would be the way to go to make it work, when changing it within this
>script with register_global turned on to turned off?
>--clip --
>   while (list($var, $value) = each($GLOBALS[HTTP_POST_VARS])
>    {
>     $GLOBALS[$var] = stripslashes(trim($value));
>    }
>I tried different ways to make it work and I kept getting the error saying
>" Variable passed to each() is not an array or object "
>" Variable passed to reset() is not an array or object "

if (isset($HTTP_POST_VARS)){
  while(list($var, $val) = each($HTTP_POST_VARS)){
    $$var = $val;

You could repeat this code for $HTTP_GET_VARS, $HTTP_COOKIE_VARS, etc.

You could even do it, in order, for all of them, and essentially "undo" the
turning off of register_globals.

Once you've gone that far, it's only a step away to write an "import"
function which takes variable names and/or source (POST, GET, COOKIE) and
sucks in the variables you expect at the top of your script, without sucking
in the potentially damaging crud of a hacker.

# Untested code.  YMMV.

function import($variables = NULL, $source = NULL){
  if (is_array($variables)){
    while (list($var, $source) = $variables)){
      # HACK!!!
      # If no source was supplied, the value is the variable, not the key.
      if (is_int($var){
        import($var, $source);
    global $$var;
    if ($source === NULL){
      # Should suck in the ordering from EGPCS thingie in php.ini, really. 
I'm lazy.
      if (isset($HTTP_POST_VARS[$var])){
        $$var = $HTTP_POST_VARS[$var];
      elseif (isset($HTTP_GET_VARS[$var])){
        $$var = $HTTP_GET_VARS[$var];
      # The remaining elseif clauses for COOKIE, ENV, etc are left as an
exercise for the reader...
    elseif ($variables != NULL){
      $array = "HTTP_$source_VARS";
      # This next bit might need some syntactic work with those {}s in
there...  Untested code, eh?
      if (isset({$$array}[$var])){
        $$var = {$$array}[$var];

Sample usage, if I got the code correct:

import("foo"); # Imports $foo just like PHP used to
import("foo", 'POST'); # Imports $foo like PHP used to, but only if it's a
import(array('foo', 'bar'); # Imports $foo and $bar like PHP used to.
import(array('foo'=>'POST', 'bar'=>'GET'); # Imports $foo from POST and $bar
from GET like PHP used to...  Okay, not a whole lot like PHP used to, but

If you know your code will never need to run on *older* versions of PHP,
replace $HTTP_POST_VARS with that new-fangled $_POST variable.

All the solutions up to, but not includeing, "function import", completely
bypass the entire *point* of not using register_globals in the first place. 
It should be considered a short-term solution.

Like Music?  http://l-i-e.com/artists.htm

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to