PHP newbieness (was Re: [prog] Introducing . . . )
Meredydd Luff
meredydd at everybuddy.com
Tue Nov 5 21:25:01 EST 2002
Yeah, I got stung badly by something like this - I think it was an earlier
version of the fix to this family of potential holes. It was this summer when
there was this kerfuffle over a security hole in PHP, and I upgraded to the
latest version _in the middle of developing a production application_! (I was
doing work experience at the time.) I got around it by turning on the option
(whose name I forget) which makes all such variables global, and it started
working again, but I really scared myself there :-)
Meredydd
On Tuesday 05 November 2002 19:44, Katie Bechtold wrote:
> > My goal is to learn enough linux/php/mysql to get some web pages coded
> > and maybe support my internet habit of learning a little more tomorrow.
>
> Hi Tamara! (I'm fighting the urge to call you abbey because that's
> what your e-mail's From line calls you.)
> I'm also a PHP newbie, and I feel compelled to share this tidbit of
> knowledge in the hopes that it will save other PHP newbies some
> headaches. It is this: starting with PHP version 4.2.0, there is a
> big change having to do with superglobal variables. Before getting
> into it, I want to note that this change will break scripts written
> for prior versions of PHP if you're running them on version 4.2.0 or
> later.*
> If you're using PHP to write web scripts, superglobals are
> predefined arrays containing variables from the web server, the
> environment, and user input. Whereas in older versions of PHP you
> might refer to a variable like $php_auth_user, in newer versions you
> will use something like $_SERVER['PHP_AUTH_USER']. Likewise, where
> before you might have written $favourite_colour to access a user's
> input to a form field, you'd now use $_GET['favourite_colour'] or
> $_POST['favourite_colour'].
> The bottom line is, if you're web scripting with PHP, it's really
> important to know which version of PHP you're running. For more on
> superglobals, see
> http://www.php.net/manual/en/language.variables.predefined.php#language.variables.superglobals.
>
> * Unless you explicitly turn on the PHP directive register_globals (in
> php.ini), but the PHP Manual recommends against doing that because
> security is generally tighter if you leave it to the default value of
> off. (In versions prior to 4.2.0, the default value is on.)
--
MSN Developer, Everybuddy project
http://www.everybuddy.com/
MSN: blip109 at hotmail.com
AIM: blip109
Yahoo: modula7
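
An added example, not part of either message above: the behaviour the quoted post describes with register_globals on versus off, and why off is the tighter default. Because the directive no longer exists in current PHP, extract() stands in for it here; the $authorized flag, the password_ok() helper and the sample $_GET values are constructed for illustration.

```php
<?php
// Constructed request, equivalent to ?favourite_colour=green&authorized=1
$_GET = ['favourite_colour' => 'green', 'authorized' => '1'];

// Hypothetical login check that fails for this request.
function password_ok(): bool
{
    return false;
}

// Old style: with register_globals on, every request parameter is turned
// into a variable before the script's own code runs. extract() emulates
// that import so the effect is visible on a modern interpreter.
function old_style(): bool
{
    extract($_GET);                 // stands in for register_globals = on
    if (password_ok()) {
        $authorized = true;
    }
    // The script never initialised $authorized, so the value that arrived
    // with the request is the one tested here.
    return !empty($authorized);
}

// New style: input is reachable only through the superglobal arrays, and
// the script's own variables are initialised before use.
function new_style(): array
{
    $authorized = false;            // explicit default, set by the script
    if (password_ok()) {
        $authorized = true;
    }
    $colour = $_GET['favourite_colour'] ?? '';
    if (!preg_match('/^[a-z]{1,20}$/', $colour)) {
        $colour = '';               // accept only a short lowercase word
    }
    return ['authorized' => $authorized, 'colour' => $colour];
}

var_dump(old_style());              // flag is controlled by the request
var_dump(new_style());              // flag is controlled by the script
```

Scripts ported from pre-4.2.0 code should initialise every flag they test and read input only from $_GET, $_POST or $_SERVER, rather than switching register_globals back on.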