Webhotell closed global variables..

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

Joli
New php-forum User
New php-forum User
Posts: 5
Joined: Sat Sep 21, 2002 6:26 am
Contact:

Webhotell closed global variables..

Postby Joli » Sat Sep 21, 2002 6:30 am

I have been using this way to declare variables.. and give them a value

test.php?var1=1

But now my webhotell says Global variables is a bad for security so it doesnt work..

any ideas how I can solve this without starting from scratch again?

/Joli

DoppyNL

Postby DoppyNL » Sat Sep 21, 2002 8:58 am

here http://www.php.net/manual/en/reserved.variables.php you can find wich variables you can acces in what way.
you will have to use $_POST['varname'] etc, just read the page and you'll understand :)

Best thing to get you're scripts back working is to make sure you use the global array's, but that could be a lot of work.

quick solution is to "make" those variables global again at the top of the script.

Code: Select all

foreach ($GLOBALS AS $key => $val)
{
if ($key != "GLOBALS") {eval("\$$key = '$val';");}
}

I haven't tested this code, It's not my code either. but my best guess is it works.
In the long run it is better to use the new global array's, for security reasons again ofcourse.

Greetz Daan

Joli
New php-forum User
New php-forum User
Posts: 5
Joined: Sat Sep 21, 2002 6:26 am
Contact:

still problems..

Postby Joli » Sun Sep 22, 2002 3:37 am

When I used your code or whoever it was :D it seems the variable works ok but when I give it different values it doesnt change so always the default value...

DoppyNL

Postby DoppyNL » Sun Sep 22, 2002 4:07 am

I think it works for posted variables (post, get, cookies) but partially for session variables.
at the bottem of you're script you will have to put them back into the global array to change them for the next script.
so, at the start you did (in the loop):

Code: Select all

$local = $_SESSION['local'];

at the end you will have to do:

Code: Select all

$_SESSION['local'] = $local;

to save you're variables.
perhaps registering those variables again will also work.

one final note again: afcourse it is MUCH better to adjust the code itself so the code acceses the global array's.

Greetz Daan

Jay

Postby Jay » Sun Sep 22, 2002 11:23 am

DoppyNL wrote:

Code: Select all

foreach ($GLOBALS AS $key => $val)
{
if ($key != "GLOBALS") {eval("\$$key = '$val';");}
}


I just thought I'd fix your code so it'll work better!

Code: Select all

   $arrays = array("Server","Session","Cookie","Post","Get");
   foreach($arrays as $arrayID) {
      eval("\$array = @\$_".strtoupper($arrayID).";");
      if (sizeof($array)) {
         foreach($array as $key => $value) $$key = $value;
      }
   }

This will cycle through all the arrays, and you can change the order so it'll take preference to one array (like the GPC order). Simply place them in order of authority starting from the lowest!

Joli
New php-forum User
New php-forum User
Posts: 5
Joined: Sat Sep 21, 2002 6:26 am
Contact:

2 or more global

Postby Joli » Sat Sep 28, 2002 4:55 am

That code worked great but what do I do to use it for 2 variables?

like on one page I have first so it checks variable gardnr which it gets like gardinfo.php?gardnr=2

but after that it is supposed to check the value of skicka (send) variable which changes value when you push the send form button.

/Joli

Jay

Postby Jay » Sat Sep 28, 2002 5:09 am

If you're talking about the code I gave you, you can't use your own variables. Those names are for the Super Global Arrays only. If you use this code, you can access any $_POST,$_GET etc variable just by calling it directly (ie $var instead of $_POST['var']).

Xerpher
New php-forum User
New php-forum User
Posts: 164
Joined: Tue Aug 27, 2002 8:25 pm
Location: Ontario, Canada
Contact:

Postby Xerpher » Sun Sep 29, 2002 3:03 pm

Hmm, well that code you gave didn't work for, but I just wanna know, if globals are disabled on a Unix server, how would they be re-enabled? because my hosting service is full of morons and don't know how to re-enable it.

[edit]
If global variables are disabled, how would I get variables from the $_SERVER array?
[/edit]

Jay

Postby Jay » Sun Sep 29, 2002 11:47 pm

You would use that code I gave you, but otherwise:

Code: Select all

while(list($var,$val) = each($_SERVER)) $$var = $val;

That'll convert all the $_SERVER variables into normal ones!

BTW, Global variables ARE bad, and in PHP you don't need to explicitely declare a variable before you can use it. Variables are declared implicitely as they're used.

Xerpher
New php-forum User
New php-forum User
Posts: 164
Joined: Tue Aug 27, 2002 8:25 pm
Location: Ontario, Canada
Contact:

Postby Xerpher » Mon Sep 30, 2002 7:39 am

Why are Global variables bad?

DoppyNL

Postby DoppyNL » Mon Sep 30, 2002 7:44 am

from http://www.php.net/manual/en/security.r ... lobals.php
One feature of PHP that can be used to enhance security is configuring PHP with register_globals = off. By turning off the ability for any user-submitted variable to be injected into PHP code, you can reduce the amount of variable poisoning a potential attacker may inflict. They will have to take the additional time to forge submissions, and your internal variables are effectively isolated from user submitted data.

While it does slightly increase the amount of effort required to work with PHP, it has been argued that the benefits far outweigh the effort.


I think that in the future the setting "register globals" will be discarded as an option and allways be off.

Greetz Daan


Return to “PHP coding => General”

Who is online

Users browsing this forum: No registered users and 1 guest