> I didn't realized that PHP had been going so fast that it was creating
> problems for compatiblility.
> Here is my situation: PHP on my development server is 4.0.6 while
> on the application server it is PHP 4.2.2. I bet you all know that
> a huge basic differences between the two but I don't know them!
> In PHP 4.2.2, variables passed by either GET or POST method can
> not be accessed straitforwardly by their name, you have to fetch them
> from $HTTP_POST_VARS or $HTTP_GET_VARS. To my understanding,
> directly using submitted variables by their name is one of the basic
> PHP features, and I always use vars in this way. However, you can
> imagine that, recently due to the PHP upgrading I got bunch of
> when deploying.
> What I want to know are:
> 1. why PHP changed the way to access submitted vars;

PHP wasn't changed, it just changed the default of one configuration in
php.ini. Set your register_globals back to ON and things are just as
they were in the past. 

It was changed to stop poorly written code from having as many security
issues. If you use a variable $var, you have no idea if it came from the
user, session, cookie, or from the script. You have to remember it
yourself. So, you may assume your script made $var, but it really came
from the URL. Using $_GET['var'] lets you know for sure that that value
came from the url. With register_globals off, you know $var was created
from within your scripts and cannot of came from a user.

> 2. any good suggestion to avoid this problem, such as that is it
> to configure 4.2.2 to compatible downward.

register_globals = On

---John Holmes...

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to