>1) $GLOBALS, Where does this come from and where does this go to? I
>noticed there is no variable declaration for this, so I just know that it is
>part of PHP codes, although I haven't figured out what it is part of.

Every variable you assign, change, or unset, or that comes in from the outside world, is in $GLOBALS. $GLOBALS is PHP's internal array of all variables with their values.

Mucking directly with $GLOBALS in any way, shape, or form is almost-for-sure a Bad Idea (tm). [There are exceptions to this rule... If you know what you're doing well enough to be doing those exceptions, go for it.]

>2) What would be the way to go to make it work, when changing it within this
>script with register_global turned on to turned off?
>--clip --
>   while (list($var, $value) = each($GLOBALS[HTTP_POST_VARS]))
>   {
>      $GLOBALS[$var] = stripslashes(trim($value));
>   }
>   reset ($GLOBALS[HTTP_POST_VARS]);
>--clip--
>I tried different ways to make it work and I kept getting the error saying
>" Variable passed to each() is not an array or object "
>" Variable passed to reset() is not an array or object "

    if (isset($HTTP_POST_VARS)){
      reset($HTTP_POST_VARS);
      while(list($var, $val) = each($HTTP_POST_VARS)){
        $$var = $val;
      }
    }

You could repeat this code for $HTTP_GET_VARS, $HTTP_COOKIE_VARS, etc.

You could even do it, in order, for all of them, and essentially "undo" the turning off of register_globals.

Once you've gone that far, it's only a step away to write an "import" function which takes variable names and/or source (POST, GET, COOKIE) and sucks in the variables you expect at the top of your script, without sucking in the potentially damaging crud of a hacker.

    # Untested code. YMMV.
    function import($variables = NULL, $source = NULL){
      # $HTTP_*_VARS are plain globals, not superglobals, so bring them into scope.
      global $HTTP_POST_VARS, $HTTP_GET_VARS;
      if (is_array($variables)){
        while (list($var, $source) = each($variables)){
          # HACK!!!
          # If no source was supplied, the value is the variable, not the key.
          if (is_int($var)){
            import($source);
          }
          else{
            import($var, $source);
          }
        }
      }
      else{
        # Single name: $variables holds the name of the variable to import.
        $var = $variables;
        global $$var;
        if ($source === NULL){
          # Should suck in the ordering from EGPCS thingie in php.ini, really. I'm lazy.
          if (isset($HTTP_POST_VARS[$var])){
            $$var = $HTTP_POST_VARS[$var];
          }
          elseif (isset($HTTP_GET_VARS[$var])){
            $$var = $HTTP_GET_VARS[$var];
          }
          # The remaining elseif clauses for COOKIE, ENV, etc are left as an exercise for the reader...
        }
        elseif ($variables != NULL){
          # Braces keep PHP from reading this as the variable $source_VARS.
          $array = "HTTP_{$source}_VARS";
          global $$array;
          # This next bit might need some syntactic work with those {}s in there... Untested code, eh?
          if (isset(${$array}[$var])){
            $$var = ${$array}[$var];
          }
        }
      }
    }

Sample usage, if I got the code correct:

    import("foo");                              # Imports $foo just like PHP used to
    import("foo", 'POST');                      # Imports $foo like PHP used to, but only if it's a POST.
    import(array('foo', 'bar'));                # Imports $foo and $bar like PHP used to.
    import(array('foo'=>'POST', 'bar'=>'GET')); # Imports $foo from POST and $bar from GET like PHP used to...
                                                # Okay, not a whole lot like PHP used to, but sorta.

NOTE: If you know your code will never need to run on *older* versions of PHP, replace $HTTP_POST_VARS with that new-fangled $_POST variable.

NOTE: All the solutions up to, but not including, "function import", completely bypass the entire *point* of not using register_globals in the first place. It should be considered a short-term solution.

--
Like Music? http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
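
The difference between the blanket loop and the allowlisted import() described in the message above, as an added example that is not part of the original post: it uses $_POST/$_GET as the second NOTE suggests and returns arrays instead of creating globals. The function names import_all and import_expected, the 'authorized' flag and the sample request are assumptions constructed for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Constructed sample request: 'authorized' is a parameter the script never asked for,
// and 'bar' arrives as an array (PHP builds one from bar[]=... in the query string).
$_POST = ['foo' => ' hello ', 'authorized' => '1'];
$_GET  = ['foo' => 'from-get', 'bar' => ['unexpected', 'array']];

// Blanket import, equivalent to the "$$var = $val" loop: every request key
// becomes a variable, including ones that collide with the script's own state.
function import_all(array $input, array $scope): array {
    foreach ($input as $name => $value) {
        $scope[$name] = $value;
    }
    return $scope;
}

// Allowlisted import: only the listed names are read, each from its stated source.
// Same calling convention as import() in the message: an integer key means
// "the value is the name, any source"; a string key maps name => source.
function import_expected(array $spec, array $sources): array {
    $out = [];
    foreach ($spec as $key => $value) {
        [$name, $source] = is_int($key) ? [$value, null] : [$key, $value];
        $order = ($source === null) ? ['POST', 'GET'] : [$source];
        foreach ($order as $s) {
            // Accept scalar strings only; array-valued parameters are dropped.
            if (isset($sources[$s][$name]) && is_string($sources[$s][$name])) {
                $out[$name] = $sources[$s][$name];
                break;
            }
        }
    }
    return $out;
}

$state   = ['authorized' => false];          // the script's own variable
$sources = ['POST' => $_POST, 'GET' => $_GET];

$blanket = import_all($_POST, $state);
// $state goes first in the union so the script's own values always win.
$strict  = $state + import_expected(['foo' => 'POST', 'bar'], $sources);

echo "blanket import:\n";
var_dump($blanket['authorized']);            // value now comes from the request
echo "allowlisted import:\n";
var_dump($strict);                           // 'authorized' untouched, 'bar' absent
```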