Re: PHP and "Register_Globals"

[shimi <shimi () shimi net>]

just ask your provider to add the following in your VirtualHost:

php_value register_globals on

and this will be enable for your site, and your site only...

alternatively, you can use a function that does just that (imports 
everything automatically). see:
http://www.php.net/import-request-variables

good luck.

On Sat, 29 Mar 2003, Ulrich P. wrote:

> hello,
>
> newer php-versions have set "register_globals" to "off" by default. i 
> programmed a huge php-project during the last year and didn't start 
> using the global POST and GET-arrays, so if a form contains <input 
> type=text name=age> if use $age in my scripts.
>
> I soon realized the security issues, and wrote my own 
> validation-functions, ... to handle all the XSS and SQL-injection problems.
>
> my question is now: my app is 'safe', but what do I do if my future 
> webhost has register_globals to 'off'?
>
> would it be possible to write a script that registers the whole 
> POST-array as single variables? simply as it used to be in 'older' 
> PHP-versions?
>
> any ideas welcome :)
>
>
> regards,
>
> Ulrich

-- 

  Best regards,
     Shimi


----

   "Outlook is a massive flaming horrid blatant security violation, which
    also happens to be a mail reader."

   "Sure UNIX is user friendly; it's just picky about who its friends are."