Board index   FAQ   Search  
Register  Login
Board index php forum :: php coding PHP coding => General

Webhotell closed global variables..

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

Webhotell closed global variables..

Postby Joli » Sat Sep 21, 2002 6:30 am

I have been using this way to declare variables.. and give them a value

test.php?var1=1

But now my webhotell says Global variables is a bad for security so it doesnt work..

any ideas how I can solve this without starting from scratch again?

/Joli
Joli
New php-forum User
New php-forum User
 
Posts: 5
Joined: Sat Sep 21, 2002 6:26 am

Postby DoppyNL » Sat Sep 21, 2002 8:58 am

here http://www.php.net/manual/en/reserved.variables.php you can find wich variables you can acces in what way.
you will have to use $_POST['varname'] etc, just read the page and you'll understand :)

Best thing to get you're scripts back working is to make sure you use the global array's, but that could be a lot of work.

quick solution is to "make" those variables global again at the top of the script.
Code: Select all
foreach ($GLOBALS AS $key => $val)
{
if ($key != "GLOBALS") {eval("\$$key = '$val';");}
}

I haven't tested this code, It's not my code either. but my best guess is it works.
In the long run it is better to use the new global array's, for security reasons again ofcourse.

Greetz Daan
DoppyNL
 

still problems..

Postby Joli » Sun Sep 22, 2002 3:37 am

When I used your code or whoever it was :D it seems the variable works ok but when I give it different values it doesnt change so always the default value...
Joli
New php-forum User
New php-forum User
 
Posts: 5
Joined: Sat Sep 21, 2002 6:26 am

Postby DoppyNL » Sun Sep 22, 2002 4:07 am

I think it works for posted variables (post, get, cookies) but partially for session variables.
at the bottem of you're script you will have to put them back into the global array to change them for the next script.
so, at the start you did (in the loop):
Code: Select all
$local = $_SESSION['local'];

at the end you will have to do:
Code: Select all
$_SESSION['local'] = $local;

to save you're variables.
perhaps registering those variables again will also work.

one final note again: afcourse it is MUCH better to adjust the code itself so the code acceses the global array's.

Greetz Daan
DoppyNL
 

Postby Jay » Sun Sep 22, 2002 11:23 am

DoppyNL wrote:
Code: Select all
foreach ($GLOBALS AS $key => $val)
{
if ($key != "GLOBALS") {eval("\$$key = '$val';");}
}


I just thought I'd fix your code so it'll work better!
Code: Select all
   $arrays = array("Server","Session","Cookie","Post","Get");
   foreach($arrays as $arrayID) {
      eval("\$array = @\$_".strtoupper($arrayID).";");
      if (sizeof($array)) {
         foreach($array as $key => $value) $$key = $value;
      }
   }

This will cycle through all the arrays, and you can change the order so it'll take preference to one array (like the GPC order). Simply place them in order of authority starting from the lowest!
Jay
 

2 or more global

Postby Joli » Sat Sep 28, 2002 4:55 am

That code worked great but what do I do to use it for 2 variables?

like on one page I have first so it checks variable gardnr which it gets like gardinfo.php?gardnr=2

but after that it is supposed to check the value of skicka (send) variable which changes value when you push the send form button.

/Joli
Joli
New php-forum User
New php-forum User
 
Posts: 5
Joined: Sat Sep 21, 2002 6:26 am

Postby Jay » Sat Sep 28, 2002 5:09 am

If you're talking about the code I gave you, you can't use your own variables. Those names are for the Super Global Arrays only. If you use this code, you can access any $_POST,$_GET etc variable just by calling it directly (ie $var instead of $_POST['var']).
Jay
 

Postby Xerpher » Sun Sep 29, 2002 3:03 pm

Hmm, well that code you gave didn't work for, but I just wanna know, if globals are disabled on a Unix server, how would they be re-enabled? because my hosting service is full of morons and don't know how to re-enable it.

[edit]
If global variables are disabled, how would I get variables from the $_SERVER array?
[/edit]
Xerpher
New php-forum User
New php-forum User
 
Posts: 164
Joined: Tue Aug 27, 2002 8:25 pm
Location: Ontario, Canada

Postby Jay » Sun Sep 29, 2002 11:47 pm

You would use that code I gave you, but otherwise:
Code: Select all
while(list($var,$val) = each($_SERVER)) $$var = $val;

That'll convert all the $_SERVER variables into normal ones!

BTW, Global variables ARE bad, and in PHP you don't need to explicitely declare a variable before you can use it. Variables are declared implicitely as they're used.
Jay
 

Postby Xerpher » Mon Sep 30, 2002 7:39 am

Why are Global variables bad?
Xerpher
New php-forum User
New php-forum User
 
Posts: 164
Joined: Tue Aug 27, 2002 8:25 pm
Location: Ontario, Canada

Postby DoppyNL » Mon Sep 30, 2002 7:44 am

from http://www.php.net/manual/en/security.r ... lobals.php
One feature of PHP that can be used to enhance security is configuring PHP with register_globals = off. By turning off the ability for any user-submitted variable to be injected into PHP code, you can reduce the amount of variable poisoning a potential attacker may inflict. They will have to take the additional time to forge submissions, and your internal variables are effectively isolated from user submitted data.

While it does slightly increase the amount of effort required to work with PHP, it has been argued that the benefits far outweigh the effort.


I think that in the future the setting "register globals" will be discarded as an option and allways be off.

Greetz Daan
DoppyNL
 


Return to PHP coding => General

Who is online

Users browsing this forum: Bing [Bot] and 2 guests

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.