Re: [PHP] re[PHP] gister_globals

2008-01-16 Thread Richard Heyes

> I'm a newbie to php and i would like to set register_globals to 'on' from my
> php script itself(eg:- index.php). Is there any way of doing this.

You can't do this from inside the script with ini_set() as
register_globals has already had its effect at that point, so you can
put this in a .htaccess file if you're using Apache:


php_flag register_globals 1

--
Richard Heyes
http://www.websupportsolutions.co.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] re[PHP] gister_globals

2008-01-16 Thread Jochem Maas

tbt wrote:
> Hi,
>
> I'm a newbie to php and i would like to set register_globals to 'on' from my
> php script itself(eg:- index.php). Is there any way of doing this.

you think you would like that. but you are wrong. register_globals is a security
risk in the hands of someone who doesn't know exactly what they are doing.

besides which register_globals is deprecated. also you can search the
list archives for lots of posts that explain why register_globals is evil.

learn how to write your script without using register_globals - ask here if
you get stuck (but don't forget the manual!).

> Thanks





Re: [PHP] re[PHP] gister_globals

2008-01-16 Thread Sancar Saran
On Wednesday 16 January 2008 15:33:04 Jochem Maas wrote:
> tbt wrote:
> > Hi,
> >
> > I'm a newbie to php and i would like to set register_globals to 'on' from
> > my php script itself(eg:- index.php). Is there any way of doing this.
>
> you think you would like that. but you are wrong. register_globals is a
> security risk in the hands of someone who doesn't know exactly what they
> are doing.
>
> besides which register_globals is deprecated. also you can search the
> list archives for lots of posts that explain why register_globals is evil.
>
> learn how to write your script without using register_globals - ask here if
> you get stuck (but don't forget the manual!).
>
> > Thanks

Hell frezezer over. Me thinks register_globals are evil too.

And what about this

session_start();

$_SESSION['refString'] = $_GET['refNo'];

Sancar




Re: [PHP] re[PHP] gister_globals

2008-01-16 Thread Richard Lynch
On Wed, January 16, 2008 12:21 am, tbt wrote:
> I'm a newbie to php and i would like to set register_globals to 'on'
> from my
> php script itself(eg:- index.php). Is there any way of doing this.

You can't turn it on really, because by the time your PHP script is
running and trying to turn it on, it's too late for the built-in
routines to globalize everything -- They have already opted not to run
because it was off (as it should be).

You could use extract($_REQUEST); which amounts to the same thing,
however, cramming all the $_REQUEST variables into your PHP script.

THIS IS A BAD IDEA!!!

There is a *REASON* why register_globals got turned OFF!

You should do this ONLY for legacy code that cannot be fixed, and with
a clear path to STOP doing it ASAP.

You also could turn it on in .htaccess for a single directory tree,
which would be more common.




Re: [PHP] re[PHP] gister_globals

2008-01-16 Thread Jochem Maas

Sancar Saran wrote:
> On Wednesday 16 January 2008 15:33:04 Jochem Maas wrote:
> > tbt wrote:
> > > Hi,
> > >
> > > I'm a newbie to php and i would like to set register_globals to 'on' from
> > > my php script itself(eg:- index.php). Is there any way of doing this.
> >
> > you think you would like that. but you are wrong. register_globals is a
> > security risk in the hands of someone who doesn't know exactly what they
> > are doing.
> >
> > besides which register_globals is deprecated. also you can search the
> > list archives for lots of posts that explain why register_globals is evil.
> >
> > learn how to write your script without using register_globals - ask here if
> > you get stuck (but don't forget the manual!).
> >
> > > Thanks
>
> Hell frezezer over.

odd verb. but I get the message. indeed it's seem it hath freezeth nicely.

> Me thinks register_globals are evil too.
>
> And what about this
>
> session_start();
>
> $_SESSION['refString'] = $_GET['refNo'];

what about it?

1. you mean the fact that the GET val is not sanitized?
2. or the oddness of 'refNo' becoming 'refString' (is it a string, a number, superman)?
3. or the direct use of $_SESSION and the lack of specific session cookie settings?

1. is evil, 2. is odd and 3. is a change recommendation ... if you ask me.

> Sancar






Re: [PHP] re[PHP] gister_globals

2008-01-16 Thread Sancar Saran
Hello 
 
> > Hell frezezer over.
>
> odd verb. but I get the message. indeed it's seem it hath freezeth nicely.
>
> > Me thinks register_globals are evil too.
> >
> > And what about this
> >
> > session_start();
> >
> > $_SESSION['refString'] = $_GET['refNo'];
>
> what about it?
>
> 1. you mean the fact that the GET val is not sanitized?
> 2. or the oddness of 'refNo' becoming 'refString' (is it a string, a
> number, superman)? 3. or the direct use of $_SESSION and the lack of
> specific session cookie settings?
>
> 1. is evil, 2. is odd and 3. is a change recommendation ... if you ask me.

1. 2.
Original Code
<?php
session_start();
session_register(refString);
$refString = $_GET['refNo'];
?>

3. Could you explain a bit or redirect me to a document about this?

Sancar




Re: [PHP] re[PHP] gister_globals

2008-01-16 Thread Jochem Maas

Sancar Saran wrote:
> Hello
>
> > > Hell frezezer over.
> >
> > odd verb. but I get the message. indeed it's seem it hath freezeth nicely.
> >
> > > Me thinks register_globals are evil too.
> > >
> > > And what about this
> > >
> > > session_start();
> > >
> > > $_SESSION['refString'] = $_GET['refNo'];
> >
> > what about it?
> >
> > 1. you mean the fact that the GET val is not sanitized?
> > 2. or the oddness of 'refNo' becoming 'refString' (is it a string, a
> > number, superman)? 3. or the direct use of $_SESSION and the lack of
> > specific session cookie settings?
> >
> > 1. is evil, 2. is odd and 3. is a change recommendation ... if you ask me.
>
> 1. 2.
> Original Code
> <?php
> session_start();
> session_register(refString);
> $refString = $_GET['refNo'];
> ?>
>
> 3. Could you explain a bit or redirect me to a document about this?

the original code is rubbish. $_SESSION should be used and session_register()
should not. in that sense your translation of the code was an improvement.

the only really bad thing is the lack of input sanitation in $_GET['refNo']

using session_register() is deprecated.



Sancar
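
Points 1 and 3 from the exchange above (the unsanitized $_GET['refNo'] and the missing session cookie settings), as an added example that is not code from any poster in this thread. It assumes refNo is a positive integer of at most nine digits, PHP 7.3 or later for the array form of session_set_cookie_params(), and a site served over HTTPS; parse_ref_no() and start_hardened_session() are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Assumption: refNo is a positive integer of at most 9 digits.
function parse_ref_no(array $query): ?int
{
    $raw = $query['refNo'] ?? null;
    // Missing values, arrays (?refNo[]=1) and non-digit input are rejected.
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

function start_hardened_session(): void
{
    ini_set('session.use_strict_mode', '1');  // refuse session ids PHP did not issue
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

start_hardened_session();  // must run before any output is sent

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['refNo' => '1042'],
    ['refNo' => '1042<script>'],
    ['refNo' => ['1042']],
    [],
];

foreach ($samples as $query) {
    $refNo = parse_ref_no($query);
    if ($refNo === null) {
        echo 'rejected: ', json_encode($query), "\n";
        continue;
    }
    $_SESSION['refNo'] = $refNo;  // same name and type on both sides
    echo 'stored: ', $refNo, "\n";
}
```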






RE: [PHP] re[PHP] gister_globals

2008-01-15 Thread Andrés Robinet
> -----Original Message-----
> From: tbt [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 16, 2008 3:22 AM
> To: php-general@lists.php.net
> Subject: [PHP] re[PHP] gister_globals
>
> Hi,
>
> I'm a newbie to php and i would like to set register_globals to 'on'
> from my
> php script itself(eg:- index.php). Is there any way of doing this.
>
> Thanks
> --
> View this message in context: http://www.nabble.com/register_globals-tp14868899p14868899.html
> Sent from the PHP - General mailing list archive at Nabble.com.
 

If your web server is Apache you can create a file named .htaccess and place
it in the document root. Then set up the PHP configuration like this:

# This is just for commenting / you can comment out settings you don't want to apply
# Switch on or off and configure as you desire
php_flag short_open_tag on
php_flag register_globals off
php_flag magic_quotes_gpc off
php_flag magic_quotes_runtime off
php_flag magic_quotes_sybase off
php_flag display_errors on
php_value error_reporting 2039
php_value max_execution_time 300

If your system is not Apache or it doesn't support .htaccess files, then you
are doomed about register_globals; when your script is run, it is too late
for enabling it (but you can deal with other .ini settings using
http://php.net/ini_set)

The most you can do for register_globals is using extract on $_GET, $_POST
and $_COOKIE at the very top (I wouldn't even enable register_globals
but...) http://php.net/manual/en/function.extract.php or using a loop to
populate $_GLOBALS with the $_GET, $_POST and $_COOKIE keys/values.

Regards,

Rob

Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308
| TEL 954-607-4207 | FAX 954-337-2695
Email: [EMAIL PROTECTED]  | MSN Chat: [EMAIL PROTECTED]  |  SKYPE:
bestplace |  Web: http://www.bestplace.biz | Web: http://www.seo-diy.com
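
Why extract() on request data recreates the register_globals problem, as raised in this message and in Richard Lynch's reply; this is an added example, not code from any poster in the thread. The isAdmin, role, page and q names and both functions are hypothetical, and the request and session arrays are constructed sample data.

```php
<?php
declare(strict_types=1);

// Legacy pattern: every request key becomes a local variable.
function is_admin_legacy(array $request, array $session): bool
{
    extract($request);  // same effect register_globals had
    if (($session['role'] ?? '') === 'admin') {
        $isAdmin = true;
    }
    // $isAdmin is never initialised on the non-admin path, so a request
    // parameter of the same name decides the result.
    return !empty($isAdmin);
}

// Stopgap for code that cannot be rewritten yet: initialise first, import
// only named keys, and never overwrite an existing variable (EXTR_SKIP).
function is_admin_stopgap(array $request, array $session): bool
{
    $isAdmin = false;
    $allowed = ['page', 'q'];  // hypothetical parameters the legacy code reads
    extract(array_intersect_key($request, array_flip($allowed)), EXTR_SKIP);
    if (($session['role'] ?? '') === 'admin') {
        $isAdmin = true;
    }
    return $isAdmin;
}

// Constructed request and session for a visitor who is not an admin.
$request = ['page' => 'reports', 'isAdmin' => '1'];
$session = ['role' => 'guest'];

echo 'legacy:  ';
var_dump(is_admin_legacy($request, $session));
echo 'stopgap: ';
var_dump(is_admin_stopgap($request, $session));
```

The longer-term fix is to drop extract() altogether and read each needed key from $_GET, $_POST or $_COOKIE by name.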
