Register_globals
Register_globals on our servers
| Server | Globals |
|---|---|
| Windows | Off |
| Unix | On |
"Register_globals = off" means that you may not be able to use query strings the way you are used to. Running a server with "Register_globals = on" weakens security, so we run with "Register_globals = off" wherever possible. The new recommended method in PHP4 is the following:
<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<title></title>
<p>
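<?php
// Read the "type" parameter from the query string.
$strParm = $HTTP_GET_VARS["type"];
// Keep only letters, digits, underscore, dot and hyphen. A backslash is
// literal inside a POSIX bracket expression, so "." and "-" are not escaped.
$strParm = eregi_replace("[^a-z0-9_.-]", "", $strParm);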
echo $strParm;
?>
</p>
</html>
Try the call php-get-vars.php?type=hej, which runs the code above. This also works in PHP3. If you have a lot of code that uses the old system, you can copy the following code into the top of all your scripts; all your old code will then work without having to be changed. Scripts that include it behave as they did with "Register_globals = on", including the reduced security described above.
File that fetches the variables:
require("/usr/local/www/ftpbrugernavn/inc/http-vars.inc");
The include file:
<?php
// Copy every key of each input array into a variable of the same name.
// Later sources overwrite earlier ones that use the same name.
if ($HTTP_GET_VARS) {
    foreach ($HTTP_GET_VARS as $Key => $Value) {
        $$Key = $Value;
    }
}
if ($HTTP_POST_VARS) {
    foreach ($HTTP_POST_VARS as $Key => $Value) {
        $$Key = $Value;
    }
}
if ($HTTP_SESSION_VARS) {
    foreach ($HTTP_SESSION_VARS as $Key => $Value) {
        $$Key = $Value;
    }
}
if ($HTTP_COOKIE_VARS) {
    foreach ($HTTP_COOKIE_VARS as $Key => $Value) {
        $$Key = $Value;
    }
}
if ($HTTP_SERVER_VARS) {
    foreach ($HTTP_SERVER_VARS as $Key => $Value) {
        $$Key = $Value;
    }
}
if ($HTTP_ENV_VARS) {
    foreach ($HTTP_ENV_VARS as $Key => $Value) {
        $$Key = $Value;
    }
}
?>
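The include file above turns every request key into a variable. As an added example that is not part of the original page, a narrower variant imports only the names a script expects from one named source and applies the same character filter as the first example; the helper name import_expected, the sample input and the use of preg_replace (in place of eregi_replace, which current PHP no longer provides) are assumptions.

```php
<?php
// Added example, not code from the original page.

// Constructed sample input standing in for $HTTP_GET_VARS.
$sampleGet = array(
    'type'     => 'hej<script>',
    'page'     => '12',
    'is_admin' => '1',           // a name the script never asked for
    'list'     => array('a'),    // arrays arrive via ?list[]=a
);

/**
 * Hypothetical helper: return only the allow-listed keys of one input
 * source, each reduced to letters, digits, underscore, dot and hyphen.
 */
function import_expected($source, $allowed)
{
    $clean = array();
    foreach ($allowed as $name) {
        // Skip names that are missing or that carry an array instead of a string.
        if (!isset($source[$name]) || !is_string($source[$name])) {
            continue;
        }
        $clean[$name] = preg_replace('/[^a-z0-9_.-]/i', '', $source[$name]);
    }
    return $clean;
}

// State owned by the script is set before any input is read.
$is_admin = false;

// Import exactly the two parameters this script expects from the query string.
$in   = import_expected($sampleGet, array('type', 'page'));
$type = isset($in['type']) ? $in['type'] : '';
$page = isset($in['page']) ? $in['page'] : '';

// Request keys that were not imported, useful for logging while migrating old code.
$ignored = array_diff(array_keys($sampleGet), array_keys($in));

echo "type=$type page=$page is_admin=" . var_export($is_admin, true) . "\n";
echo "ignored keys: " . implode(', ', $ignored) . "\n";
```

Because the allow-list is explicit, a request parameter can only reach a variable the script named itself, and the list of ignored keys shows which old variable names still need to be migrated.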
Some information from the PHP configuration.
- allow_call_time_pass_reference = Off
It's not possible to decide to force a variable to be passed by reference when calling a function. The PHP 4 style to do this is by making the function require the relevant argument by reference.
- register_globals = Off
Global variables are no longer registered for input data (POST, GET, cookies, environment and other server variables). Instead of using $foo, you must use $HTTP_POST_VARS["foo"], $HTTP_GET_VARS["foo"], $HTTP_COOKIE_VARS["foo"], $HTTP_ENV_VARS["foo"] or $HTTP_SERVER_VARS["foo"], depending on which kind of input source you're expecting 'foo' to come from.
- magic_quotes_gpc = Off
Input data is no longer escaped with slashes so that it can be sent into SQL databases without further manipulation. Instead, you should use the function addslashes() on each input element you wish to send to a database.
- variables_order = "GPCS"
The environment variables are not hashed into the $HTTP_ENV_VARS[]. To access environment variables, you can use getenv() instead.
