Variables_Order Setting

  • Buck Turgidson

    Variables_Order Setting

    According to an O'Reilly PHP book I have, setting variables_order to "ES" is
    safer, but that one will need to create global variables, not rely on them
    being created.

    Fair enough. But why does setting variables_order to ES cause the following
    to break, even though it is what O'Reilly recommends? The "id" variable is
    unpopulated. I have PHP 4.3.4 on Linux.




    $id = clean($_GET['id'],5);
    $result = mysql_query("SELECT * FROM my_table where id = $id",$db);
    $myrow = mysql_fetch_array($result);


  • Buck Turgidson

    #2
    Re: Variables_Order Setting

    > $id = clean($_GET['id'],5);
    > $result = mysql_query("SELECT * FROM my_table where id = $id",$db);
    > $myrow = mysql_fetch_array($result);

    This is what "clean" does, in case that is relevant.

    function clean($input, $maxlength)
    {
        $input = substr($input, 0, $maxlength);
        $input = EscapeShellCmd($input);
        return ($input);
    }



    • Andy Hassall

      #3
      Re: Variables_Order Setting

      On Tue, 21 Dec 2004 15:29:38 -0500, "Buck Turgidson" <jc_va@hotmail.com> wrote:
      >According to an O'Reilly PHP book I have, setting variables_order to "ES" is
      >safer, but that one will need to create global variables, not rely on them
      >being created.
      >
      >Fair enough. But why does setting variables_order to ES cause the following
      >to break, even though it is what O'Reilly recommends? The "id" variable is
      >unpopulated. I have PHP 4.3.4 on Linux.
      >
      >$id = clean($_GET['id'],5);
      >$result = mysql_query("SELECT * FROM my_table where id = $id",$db);
      >$myrow = mysql_fetch_array($result);

      variables_order has no relation at all with the previous code. It only affects
      the deprecated register_globals method of form input, or the $_REQUEST
      superglobal.

      --
      Andy Hassall / <andy@andyh.co.uk> / <http://www.andyh.co.uk>
      <http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool


      • Kevin

        #4
        Re: Variables_Order Setting

        If $id is unpopulated, your query will be:
        SELECT * FROM my_table where id =
        which is invalid.


        "Buck Turgidson" <jc_va@hotmail.com> wrote in message
        news:imdm92-t76.ln1@turf.turgidson.com...
        > According to an O'Reilly PHP book I have, setting variables_order to "ES" is
        > safer, but that one will need to create global variables, not rely on them
        > being created.
        >
        > Fair enough. But why does setting variables_order to ES cause the following
        > to break, even though it is what O'Reilly recommends? The "id" variable is
        > unpopulated. I have PHP 4.3.4 on Linux.
        >
        > $id = clean($_GET['id'],5);
        > $result = mysql_query("SELECT * FROM my_table where id = $id",$db);
        > $myrow = mysql_fetch_array($result);


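Added example (not part of any post in this thread): the last reply notes that an unpopulated `$id` produces an invalid query, and the posted `clean()` applies `EscapeShellCmd`, which escapes shell metacharacters rather than SQL. The sketch below rejects a missing or non-numeric `id` before any SQL is built and binds the value as a parameter; the function name `fetch_row_by_id`, the use of PDO with an in-memory SQLite database, and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.1+ with pdo_sqlite;
// the in-memory table and the test inputs below are constructed sample data.

/**
 * Returns the row for the id in $params, or null when the id is missing,
 * malformed, or not found. $params stands in for $_GET.
 */
function fetch_row_by_id(PDO $db, array $params): ?array
{
    // An absent key is the "unpopulated id" case: stop before building any SQL.
    if (!isset($params['id']) || !is_string($params['id'])) {
        return null;
    }
    $id = $params['id'];
    // Same 5-character limit as clean(), but reject instead of truncating,
    // and accept decimal digits only.
    if (strlen($id) > 5 || !ctype_digit($id)) {
        return null;
    }
    // The value is bound as a parameter, never interpolated into the statement.
    $stmt = $db->prepare('SELECT * FROM my_table WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE my_table (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO my_table (id, name) VALUES (7, 'seven'), (42, 'forty-two')");

// Constructed inputs covering the accepted case and each rejection path.
$cases = [
    'valid id'    => ['id' => '42'],
    'missing id'  => [],
    'too long'    => ['id' => '123456'],
    'not numeric' => ['id' => '4x2'],
    'array value' => ['id' => ['42']],
    'unknown id'  => ['id' => '99'],
];
foreach ($cases as $label => $params) {
    $row = fetch_row_by_id($db, $params);
    printf("%-12s %s\n", $label, $row === null ? 'no row returned' : json_encode($row));
}
```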