> I didn't realized that PHP had been going so fast that it was creating > problems for compatiblility. > > Here is my situation: PHP on my development server is 4.0.6 while > on the application server it is PHP 4.2.2. I bet you all know that there's > a huge basic differences between the two but I don't know them! > In PHP 4.2.2, variables passed by either GET or POST method can > not be accessed straitforwardly by their name, you have to fetch them > from $HTTP_POST_VARS or $HTTP_GET_VARS. To my understanding, > directly using submitted variables by their name is one of the basic great > PHP features, and I always use vars in this way. However, you can > imagine that, recently due to the PHP upgrading I got bunch of problems > when deploying. > > What I want to know are: > 1. why PHP changed the way to access submitted vars;
PHP wasn't changed, it just changed the default of one configuration in php.ini. Set your register_globals back to ON and things are just as they were in the past. It was changed to stop poorly written code from having as many security issues. If you use a variable $var, you have no idea if it came from the user, session, cookie, or from the script. You have to remember it yourself. So, you may assume your script made $var, but it really came from the URL. Using $_GET['var'] lets you know for sure that that value came from the url. With register_globals off, you know $var was created from within your scripts and cannot of came from a user. > 2. any good suggestion to avoid this problem, such as that is it possible > to configure 4.2.2 to compatible downward. register_globals = On ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
