adam beecher bleated:
> Eaaagh! Wrong! PHP lets you skip all steps - all GET, POST and ENV variables are
> imported to the symbol table automatically at runtime. So if you pass a variable
> via GET in a URL <http://www.dom.com/script.php3?var1=val1>, 'val1' is
> immediately available in $var1. Same goes for environment variables -
> $HTTP_HOST, $REQUEST_URI, etc. It's one of the best things about PHP.
two points:
a) if importing vars into the program's namespace is a great thing then
i assume you'll also enjoy http://www.deskware.com.
b) i'm thinking "huge security hole." does php force you to initialise
variables? what if i did:
    while ($i < 10) {
        // do stuff
        $i++;
    }
and then the user passed a form variable i equal to -1000000 to my php
script?
you can import cgi params into main's namespace using the import_name
method, but this is considered insecure. generally i'm not too keen on
letting input magically affect my namespace unless i know more about the
magic - what's php's incantations to preserve security and correctness?
kevin
--
kevin at suberic.net
fork()'ed on 37058400
meatspace place: work

"we were goin' for breakfast. in canada. we made a deal: if she'd stop
hookin', i'd stop shootin' people. maybe we were aiming high."
--porter, "payback"
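
The uninitialised-counter case raised in the message above, next to a version that initialises its own variables and reads input by name. This is an added example and not part of the original post. It assumes extract() as a stand-in for PHP's automatic import (register_globals was removed in PHP 5.4); the $request array, the function names, the "limit" parameter and the iteration cap are constructed for the demo.

```php
<?php
// Constructed request data standing in for $_GET; "i" is the value from the post.
$request = ['i' => '-1000000', 'name' => 'kevin'];

// Before: request data is imported into local scope, as auto-import did.
// $i is never initialised, so the request decides where the loop starts.
function unsafe_loop(array $request, int $cap = 50): int
{
    extract($request);               // stand-in for automatic variable import
    $iterations = 0;
    while ($i < 10) {
        $i++;
        if (++$iterations >= $cap) { // cap added only so the demo terminates
            break;
        }
    }
    return $iterations;
}

// After: nothing is imported. Input is read by name and range-checked,
// and the loop counter is always initialised by the code itself.
function safe_loop(array $request): int
{
    $limit = filter_var(
        $request['limit'] ?? 10,     // hypothetical, explicitly named parameter
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 10]]
    );
    if ($limit === false) {
        $limit = 10;                 // reject out-of-range or non-integer input
    }
    $iterations = 0;
    for ($i = 0; $i < $limit; $i++) {
        $iterations++;
    }
    return $iterations;
}

printf("unsafe: %d iterations (stopped by cap)\n", unsafe_loop($request));
printf("safe:   %d iterations\n", safe_loop($request));
```

In the unsafe version the loop would need over a million passes to finish without the cap; the safe version ignores the request's "i" entirely.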