Globals

**mendhak** · Apr 18th, 2003, 05:15 AM

I've just installed Apache and PHP on this notebook...

While editing the php.ini file, I went in to set globals as on, but I read a little warning on top:

; You should do your best to write your scripts so that they do not require
; register_globals to be on; Using form variables as globals can easily lead
; to possible security problems, if the code is not very well thought of.
register_globals = On

Nevertheless, I've set it to on, because on some of my php pages, I am doing the following:

if the URL is like
http://localhost/show.php?id=28

I get the value of id using global. Suppose id=28, then I search for a file named 28.php and include it in show.php.

So, you can see that I do require globals to be on in this case.
Is there an alternative to this? How can I pass the value 28 to show.php without having to use globals? Any other suggestions?

Thanks.

**The Hobo** · Apr 18th, 2003, 10:41 AM

You do not have to use globals. You can use the superglobals $_POST['id'] or $_GET['id'] just the same as you use the global $id.

**phpman** · Apr 18th, 2003, 03:04 PM

with register gobals off it just means you have to use the super globals like hobo said.

so instead of getting that id from the url like this

echo $id

you just do this

echo $_GET["id"]

that is the difference. and yes you should run with it off.

**mendhak** · Apr 19th, 2003, 05:14 AM

Kripes, more changes in my pages.

If globals should be turned off, why do they exist?

**The Hobo** · Apr 19th, 2003, 07:49 AM

Originally posted by mendhak
Kripes, more changes in my pages.

If globals should be turned off, why do they exist?

To be backwards complaint with previous versions of PHP. They existed before it was known that they were a big security risk.

However, if, in new versions of PHP, they removed it completely, then suddenly nearly 90% of the PHP pages on the web would cease to function.

And that wouldn't look good.

So they had to keep it in there for compatibility.

**mendhak** · Apr 19th, 2003, 08:11 AM

I see. Thank you Hobo San.

**The Hobo** · Apr 19th, 2003, 12:52 PM

I should add that they did give warning, though, before setting it off by default.

Through versions 4.2.x of PHP, they had the superglobals and warned that the regular globals would be off by default starting in 4.3.

So...yeah.

**phpman** · Apr 19th, 2003, 01:46 PM

they had superglobals in 4.1 and globals were warned to be off in 4.2 and defaulted to off in 4.3

**The Hobo** · Apr 19th, 2003, 04:20 PM

Originally posted by phpman
they had superglobals in 4.1 and globals were warned to be off in 4.2 and defaulted to off in 4.3

Eh, I was close enough.

Thread: Globals

Thread Tools

Display

Globals

Posting Permissions