"John W. Holmes" <[EMAIL PROTECTED]> wrote in message
> > I didn't realized that PHP had been going so fast that it was creating
> > problems for compatiblility.
> >
> > Here is my situation: PHP on my development server is 4.0.6 while
> > on the application server it is PHP 4.2.2. I bet you all know that
> there's
> > a huge basic differences between the two but I don't know them!
> > In PHP 4.2.2, variables passed by either GET or POST method can
> > not be accessed straitforwardly by their name, you have to fetch them
> > from $HTTP_POST_VARS or $HTTP_GET_VARS. To my understanding,
> > directly using submitted variables by their name is one of the basic
> great
> > PHP features, and I always use vars in this way. However, you can
> > imagine that, recently due to the PHP upgrading I got bunch of
> problems
> > when deploying.
> >
> > What I want to know are:
> > 1. why PHP changed the way to access submitted vars;
> PHP wasn't changed, it just changed the default of one configuration in
> php.ini. Set your register_globals back to ON and things are just as
> they were in the past.
> It was changed to stop poorly written code from having as many security
> issues. If you use a variable $var, you have no idea if it came from the
> user, session, cookie, or from the script. You have to remember it
> yourself. So, you may assume your script made $var, but it really came
> from the URL. Using $_GET['var'] lets you know for sure that that value
> came from the url. With register_globals off, you know $var was created
> from within your scripts and cannot of came from a user.
> > 2. any good suggestion to avoid this problem, such as that is it
> possible
> > to configure 4.2.2 to compatible downward.
> register_globals = On
> ---John Holmes...

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to