accessing $_GET implicitly

  • |-|erc

    accessing $_GET implicitly

    OK, here's the start of the index file I'm working on and it's used for every page like so
    index.php?action=register
    index.php?action=logout
    etc.


    <?php

    define ('IN_SITE', 1 );
    define ('LOGGED_IN', FALSE );
    $userinfo = '';

    include('config.php');

    $link = @mysql_connect ($DB_HOST, $DB_USER, $DB_PASS) or die ('SQL Connection troubles');
    mysql_select_db ($DB_DB);

    include($_SERVER['DOCUMENT_ROOT'] . "/functions.php");


    if ($action != "do_login")
    {
    $user = $_COOKIE['user'];
    $pass = $_COOKIE['pass'];
    if (verifyuser('', $pass,$user) == TRUE)


    Nowhere in config or functions is $action defined, so how can this work?
    It works on CPanel but not in PLESK. In PLESK I added the line $action = $_GET['action'];
    I thought it already had it, that got it working in PLESK as well but some screens still don't show
    so I took it out again.

    Herc



  • David Cartwright

    #2
    Re: accessing $_GET implicitly

    "|-|erc" <h@r.c> wrote in message
    news:4355f0d6$0$41001$892e7fe2@authen.white.readfreenews.net...
    > OK, here's the start of the index file I'm working on and it's used for
    > every page like so
    > index.php?action=register
    > index.php?action=logout
    > etc.
    > if ($action != "do_login")
    > {
    > $user = $_COOKIE['user'];
    > $pass = $_COOKIE['pass'];
    > if (verifyuser('', $pass,$user) == TRUE)
    > Nowhere in config or functions is $action defined, so how can this work?

    There is a PHP configuration directive (i.e. something you put in the config
    file) "register_globals" which allows any or all entities from forms (GET
    and POST), cookies, server internals and the local environment to appear to
    scripts just as if they're day-to-day script variables. As of PHP 4.2.0 this
    defaults to "off", though clearly you can turn it on if you so desire.

    I don't personally like implicit variable definitions like this, because
    variables can trample over one another and cause confusion (or even security
    problems) when what you thought was a local variable turns out to be a field
    from a form, or vice versa. The developers of PHP clearly don't like it
    either, as they've taken the conscious decision to turn it off.

    For a developer, a nicer way to go is the import_request_variables()
    function, which you can drop into your scripts to register form variables
    yourself. import_request_variables() allows you to prefix the variable names
    with a text string to allow you to distinguish them from other variables -
    so, for instance, everything I write has an import_request_variables() call
    that makes all my form variables appear as $form_blah, thus guaranteeing I'm
    not going to trample over local stuff by mistake.

    HTH,

    David C



    • |-|erc

      #3
      Re: accessing $_GET implicitly

      "David Cartwright" <dscartwright@hotmail.com> wrote in ...
      : "|-|erc" <h@r.c> wrote in message
      : > OK, here's the start of the index file I'm working on and it's used for
      : > every page like so
      : > index.php?action=register
      : > index.php?action=logout
      : > etc.
      : > if ($action != "do_login")
      : > {
      : > $user = $_COOKIE['user'];
      : > $pass = $_COOKIE['pass'];
      : > if (verifyuser('', $pass,$user) == TRUE)
      : > Nowhere in config or functions is $action defined, so how can this work?
      :
      : There is a PHP configuration directive (i.e. something you put in the config
      : file) "register_globals" which allows any or all entities from forms (GET
      : and POST), cookies, server internals and the local environment to appear to
      : scripts just as if they're day-to-day script variables. As of PHP 4.2.0 this
      : defaults to "off", though clearly you can turn it on if you so desire.
      :
      : I don't personally like implicit variable definitions like this, because
      : variables can trample over one another and cause confusion (or even security
      : problems) when what you thought was a local variable turns out to be a field
      : from a form, or vice versa. The developers of PHP clearly don't like it
      : either, as they've taken the conscious decision to turn it off.
      :
      : For a developer, a nicer way to go is the import_request_variables()
      : function, which you can drop into your scripts to register form variables
      : yourself. import_request_variables() allows you to prefix the variable names
      : with a text string to allow you to distinguish them from other variables -
      : so, for instance, everything I write has an import_request_variables() call
      : that makes all my form variables appear as $form_blah, thus guaranteeing I'm
      : not going to trample over local stuff by mistake.
      :

      great thanks, I just used import_request_variables("gpc"); and all the pages work now.
      GET and POST are so simple to use anyway so I'll stick with them at least for my own code.

      Herc
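
Added example (not part of any post in this thread): the three ways of reading request data discussed above, side by side. register_globals and import_request_variables() were both removed in PHP 5.4, so extract() stands in for them here; the request array is a constructed sample, and the function names and action list are hypothetical.

```php
<?php
// Added example, not code from the thread. The request array is a
// constructed sample; function names and the action list are hypothetical.
const ALLOWED_ACTIONS = ['register', 'do_login', 'logout'];

// Implicit style: request keys become plain variables before the script's
// own logic runs, as with register_globals or an unprefixed
// import_request_variables("gpc").
function implicit_style(array $request, bool $passwordOk): bool
{
    extract($request);              // default EXTR_OVERWRITE, no prefix
    if ($passwordOk) {
        $authorized = true;         // only ever assigned on success
    }
    return !empty($authorized);     // a request key "authorized" is read here too
}

// Prefixed style, the approach David describes: imported names are kept
// apart from the script's own variables ($form_action, $form_authorized).
function prefixed_style(array $request, bool $passwordOk): bool
{
    extract($request, EXTR_PREFIX_ALL, 'form');
    if ($passwordOk) {
        $authorized = true;
    }
    return !empty($authorized);     // $form_authorized is never consulted
}

// Explicit style: read only the key you expect and allow-list its value.
function explicit_action(array $get): string
{
    $action = $get['action'] ?? '';
    return (is_string($action) && in_array($action, ALLOWED_ACTIONS, true))
        ? $action
        : 'home';
}

// Constructed request: index.php?action=register&authorized=1
$request = ['action' => 'register', 'authorized' => '1'];

var_dump(implicit_style($request, false));           // failed password check, unprefixed import
var_dump(prefixed_style($request, false));           // same request, prefixed import
var_dump(explicit_action($request));                 // allow-listed action
var_dump(explicit_action(['action' => ['x']]));      // array instead of string
var_dump(explicit_action(['action' => 'unknown']));  // value not on the list
```

The first two calls differ only in the prefix, which is why an unprefixed import carries the same variable-collision risk as register_globals itself.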


