[Wolves] PHP global variables
Luke Redpath
luke at birmingham.lastfield.co.uk
Tue Sep 6 23:19:12 BST 2005
That said, it's a lot better practice to not use global variables, and I
would expect most hosts to have register_globals turned off - its off by
default by PHP and I can see little reason why a host would turn it back
on.
What does your code do?
Cheers
Luke
-----Original Message-----
From: Stuart Langridge [mailto:sil at kryogenix.org]
Sent: 06 September 2005 15:35
To: Wolverhampton Linux User Group
Subject: Re: [Wolves] PHP global variables
> How important is the 'security issue' with global variables in php?
> I've just realised that over half my scripts still rely on globals=on
> (having 'broke' them with a php re-install before I remembered to
> tujrn globals back on).
>
> Is it really worth the effort of re-writing scripts to sort this out?
Depends. If you're using any variables anywhere without having first
initialised them to a known value, and relying on PHP having initialised
them to zero or the empty string, then anyone can break your code by
explicitly specifying that variable in the URL even though you weren't
expecting them to. This is conceivably a very big problem, but it
depends on your code.
Aq.
_______________________________________________
Wolves LUG mailing list
Homepage: http://www.wolveslug.org.uk/
Mailing list: Wolves at mailman.lug.org.uk
Mailing list home: http://mailman.lug.org.uk/mailman/listinfo/wolves
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.lug.org.uk/pipermail/wolves/attachments/20050906/b685a1a5/attachment-0001.html
More information about the Wolves
mailing list