PHP; $_GET and POST data.
Is there an option in php.ini to make it automatically grab these variables?
Thanks in advance.
4 Replies
For anybody that's interested, in php.ini there is an option called: 'register_globals'. By default, the line is:
register_globals = Off
you must change this to:
register_globals = On
I apologize for the waste of a thread.
$GET, $POST, $SESSION, $REQUEST, $_SERVER, $GLOBALS, etc. are called "superglobals" variables and are always available and populated since PHP v4.1.0 whenever there is a request made to the page in question.
Register globals (which is an old method of php programming and NOT recommended) will transform each parameter from a GET or POST http query query string to a PHP variable … meaning:
If you requested "index.php?user=john&location=atlanta" then inside index.php you will have available 2 variables: $user which value is the string "john" and $location which value is "atlanta".
This method of programming is not recommended for various security reasons as well as bad way of programming (there are hundreds of pages writton on "register globals" in php). You can read what the php developers have to say:
> ; - register_globals = Off [Security, Performance]
; Global variables are no longer registered for input data (POST, GET, cookies,
; environment and other server variables). Instead of using $foo, you must use
; you can use $_REQUEST["foo"] (includes any variable that arrives through the
; request, namely, POST, GET and cookie variables), or use one of the specific
; $GET["foo"], $POST["foo"], $COOKIE["foo"] or $FILES["foo"], depending
; on where the input originates. Also, you can look at the
; importrequestvariables() function.
; Note that register_globals is going to be depracated (i.e., turned off by
; default) in the next version of PHP, because it often leads to security bugs.
; Read
http://php.net/manual/en/security.registerglobals.php for further; information.
Instead, you should always use the superglobals. So, for the example above, inside index.php, instead of using $user and $location you would always access your data from $GET['user'] and $GET['location'].
All paramters passed in the query string when you called the page (like i wrote it above) are available in $GET. When you write a form with "method=post" then the form's elements' name become indexes of the $POST array (see
This is a very basic part of PHP that you should get a strong grip on before advancing and building interactive web pages. Check out the php manual about this for more details … the user comments available on each page of the online manual are usually worth reading. You can start here
Cheers
I'll definitely consider what you've said though.
phpflag registerglobals On
in httpd.conf only when you need it for a virtual host or directory. I think it can go in a .htaccess too.
Cheers
Ross