I'm not aware of anything like that, apart from PHP itself :) Turn your error reporting to the strictest setting, and go through your applications, and it should complain whenever is has to echo/use a undefined variable.
Although that sounds a little daunting with 8000 pages... are you using lots of include files (for all files which are in a certain section)? if so, it quite possible that you only have to modify the header include to keep things up to date on many pages. If you do find such a script, I'd be keen to hear about it. Essentially, you need to munch through each of your scripts WITH the include/require's inline, looking for an undefined variable. Then for each of those undefined variables, figure out if the were supposed to be from GET, POST, FILES, COOKIE or SESSION, and put a few lines at the top of the file: $myvar = $_GET['myvar']; $myvar2 = $_POST['myvar2']; It's also probably a lesson in documentation... when I first started in PHP I was paranoid about everything, and spent AGES on documentation and comments at the top of files. But I was really thankfull I did, because it saved me HOURS later on, because I had everything documented... which vars came from post/get/cookies/sessions/etc. Good luck, Justin on 25/09/02 4:00 AM, Thomas Porter ([EMAIL PROTECTED]) wrote: > I currently maintain about 100 sites that use PHP. Many of them were > programmed pre 4.2, and are not compatible with the register_globals=off > setting. Since we use virtual hosts in apache I have been able to modify > that one ini setting for the sites that need it, but now my job is to modify > all of these scripts to be compatible with the register_globals=off setting > so they will be more secured. I'm wondering if anyone out there has written > a script that can look at the PHP scripts and see if they are compatible or > not. I'm sure this would be no easy task, but it would be most useful at > the same time. I've done a find for all of the PHP scripts on our server > and am confronted with over 8,000 scripts that need to be looked at, and > that's just files with the .php extension.... we've got plenty of .inc's and > other various extensions (including a few sites that parse .html as PHP) > that would need to be checked as well. > > Anybody got any ideas? > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
