Hi Rasmus:

Now turning register_globals back on and exploring "E_ALL".

Thanks :)

David


On Monday, August 19, 2002, at 07:36 PM, Rasmus Lerdorf wrote:

> If you forget to initialize your internal script variables, then people
> could potentially inject bogus values for these variables and change how
> your script operates.  eg.
>
>    if($password=='david') $ok=1;
>
>    if($ok) let_them_in();
>
> In the above, assume $password is a user-supplied value and $ok is an
> internal script variable.  Now, since $ok was never initialized to 0 then
> the user could supply ok=1 and get into let_them_in() regardless of the
> value of $password.
>
> Now, if you make your code E_ALL clean and make sure you initialize your
> internal variables, you are correct, having register_globals on is cleaner
> and easier to deal with.
>
> -Rasmus
>
> On Mon, 19 Aug 2002, David Rice wrote:
>
>> Hi:
>>
>> I have a test site where I am trying out a few things in PHP. I started
>> off with  register_globals on. Then I read in the docs that it is best
>> to turn register_globals off. I did so and now I am having a
>> marvelous time recoding some session stuff :(
>> I could not find much info on why "register_globals on" is a bad thing.
>> Seems to me that code is much cleaner with them on. What's the down side?
>>
>> Cheers,
>> David
>>
>> On Monday, August 19, 2002, at 05:05 PM, Rasmus Lerdorf wrote:
>>
>>> Sure, turn register_globals on only for the oasis directory.  In your
>>> httpd.conf add:
>>>
>>> <Directory /some/path/oasis>
>>>     php_value register_globals on
>>> </Directory>
>>>
>>> -Rasmus
>>>
>>> On Mon, 19 Aug 2002, Andy wrote:
>>>
>>>> Hi there,
>>>>
>>>> I am running php 4.2.2 with register globals set to off. Now I am
>>>> planning to install oasis (an ad tracking sw). Their current version
>>>> requires a php build with register globals set to on!?
>>>>
>>>> Is there a way out of this dilemma running only one server?
>>>>
>>>> Thanx for any advice,
>>>>
>>>> Andy
>>>>
>>>> --
>>>> PHP General Mailing List (http://www.php.net/)
>>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>>


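The uninitialized-variable case from Rasmus's quoted reply, as an added example that is not part of the original thread: it emulates register_globals on current PHP by calling extract() on a constructed request array, and records what E_ALL reports. The function names other than let_them_in() and the sample requests are assumptions made for the illustration.

```php
<?php
// Added example. extract() stands in for register_globals=on: it turns each
// request parameter into a variable before the script logic runs.
error_reporting(E_ALL);
$diagnostics = [];
set_error_handler(function (int $no, string $msg) use (&$diagnostics): bool {
    $diagnostics[] = $msg;           // collect E_ALL diagnostics instead of printing
    return true;
});

function let_them_in(): string
{
    return 'admitted';
}

// The pattern from the message: $ok is only ever set on success.
function check_uninitialized(array $request): string
{
    extract($request);               // request parameters become variables
    if ($password == 'david') $ok = 1;
    if ($ok) return let_them_in();   // $ok may have come from the request
    return 'denied';
}

// Same logic with the internal variable initialized after the import.
function check_initialized(array $request): string
{
    extract($request);
    $ok = 0;                         // overwrites any request-supplied ok
    if ($password == 'david') $ok = 1;
    if ($ok) return let_them_in();
    return 'denied';
}

// Constructed sample requests (query-string parameters as PHP would parse them).
$requests = [
    'correct password'      => ['password' => 'david'],
    'wrong password'        => ['password' => 'guess'],
    'wrong password + ok=1' => ['password' => 'guess', 'ok' => '1'],
];
foreach ($requests as $label => $request) {
    $diagnostics = [];
    $before  = check_uninitialized($request);
    $notices = $diagnostics;         // diagnostics raised by the uninitialized version
    $after   = check_initialized($request);
    printf("%-22s uninitialized=%-9s initialized=%-9s E_ALL: %s\n",
        $label, $before, $after, $notices ? implode('; ', $notices) : '-');
}
```

The undefined-variable diagnostic appears on the plain wrong-password request, which is how running E_ALL clean surfaces the missing initialization before anyone supplies ok=1.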