Hi Rasmus:

Now turning register_globals back on and exploring "E_ALL".
Thanks :)

David

On Monday, August 19, 2002, at 07:36 PM, Rasmus Lerdorf wrote:

> If you forget to initialize your internal script variables, then people
> could potentially inject bogus values for these variables and change how
> your script operates.  eg.
>
>   if($password=='david') $ok=1;
>
>   if($ok) let_them_in();
>
> In the above, assume $password is a user-supplied value and $ok is an
> internal script variable.  Now, since $ok was never initialized to 0 then
> the user could supply ok=1 and get into let_them_in() regardless of the
> value of $password.
>
> Now, if you make your code E_ALL clean and make sure you initialize your
> internal variables, you are correct, having register_globals on is cleaner
> and easier to deal with.
>
> -Rasmus
>
> On Mon, 19 Aug 2002, David Rice wrote:
>
>> Hi:
>>
>> I have a test site where I am trying out a few things in PHP. I started
>> off with register_globals on. Then I read in the docs that it is best
>> to turn register_globals off. I did so and now I am having a
>> marvelous time recoding some session stuff :(
>> I could not find much info on why "register_globals on" is a bad thing.
>> Seems to me that code is much cleaner with them on. What's the down
>> side?
>>
>> Cheers,
>> David
>>
>> On Monday, August 19, 2002, at 05:05 PM, Rasmus Lerdorf wrote:
>>
>>> Sure, turn register_globals on only for the oasis directory.  In your
>>> httpd.conf add:
>>>
>>> <Directory /some/path/oasis>
>>>   php_value register_globals on
>>> </Directory>
>>>
>>> -Rasmus
>>>
>>> On Mon, 19 Aug 2002, Andy wrote:
>>>
>>>> Hi there,
>>>>
>>>> I am running php 4.2.2 with register globals set to off. Now I am
>>>> planning to install oasis (an ad tracking sw). Their current version
>>>> requires a php build with register globals set to on!?
>>>>
>>>> Is there a way out of this dilemma running only one server?
>>>>
>>>> Thanx for any advice,
>>>>
>>>> Andy
>>>>
>>>> --
>>>> PHP General Mailing List (http://www.php.net/)
>>>> To unsubscribe, visit: http://www.php.net/unsub.php
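
Added example, not part of the original thread: the uninitialized `$ok` check Rasmus describes, beside the same logic with `$ok` initialized, run over three constructed requests. register_globals was removed in PHP 5.4, so the import of request variables is emulated here with extract() (an assumption of this example); the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. register_globals was removed in
// PHP 5.4, so it is emulated here (assumption) by extract()-ing a constructed
// request array into local scope. The login_* function names are hypothetical.
error_reporting(E_ALL);
$notices = [];
set_error_handler(function (int $no, string $msg) use (&$notices): bool {
    $notices[] = $msg;   // collect what E_ALL reports instead of printing it
    return true;
});

// As in the thread: $ok is never initialized before it is tested.
function login_uninitialized(array $request): bool
{
    extract($request);                    // emulates register_globals = on
    if ($password == 'david') $ok = 1;
    return (bool) $ok;                    // $ok may have come from the request
}

// Same logic with the internal variable initialized.
function login_initialized(array $request): bool
{
    extract($request);                    // request variables still imported
    $ok = 0;                              // overwrites any request-supplied ok
    if ($password == 'david') $ok = 1;
    return (bool) $ok;
}

// Constructed sample requests (parsed query-string parameters).
$requests = [
    'correct password'      => ['password' => 'david'],
    'wrong password'        => ['password' => 'guess'],
    'wrong password + ok=1' => ['password' => 'guess', 'ok' => '1'],
];

foreach ($requests as $label => $req) {
    $notices = [];
    $weak = login_uninitialized($req);
    $reported = $notices ? implode('; ', $notices) : 'nothing';
    $safe = login_initialized($req);
    printf("%-22s uninitialized=%-5s initialized=%-5s E_ALL reported: %s\n",
        $label, var_export($weak, true), var_export($safe, true), $reported);
}
```

The undefined-variable report for `$ok` shows up on the plain wrong-password request, which is how an E_ALL-clean pass surfaces the variable that needs initializing.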