register globals --> SUPER globals problem

Started by Parham, April 14, 2004, 11:57:58 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Parham

April 14, 2004, 11:57:58 AM
I'm in the process of changing a HUGE program from using register globals (icky yes i know) to super globals.  I came across a problem where several portions of the script relied both on GET and POST request methods (thus using register globals really made it easy).  I'm now tempted to use $_REQUEST, but it includes cookies (pgc).  I was wondering how the rest of you dealt with variables that came from more than one request type.  I was going to use if statements to set up the variables depending on which one of GET or POST was set, but that's a pain.  Should I just give into $_REQUEST?

[Unknown]

#1
April 14, 2004, 12:06:45 PM
Just do this:

$_REQUEST = $_POST + $_GET;

SMF does it :P ;).

-[Unknown]

Parham

#2
April 14, 2004, 12:11:45 PM
HOLY COW...!!!!!!!!!!!!!!!!!!!!!!!

Parham

#3
April 14, 2004, 12:25:43 PM
ok goodie... use $_POST where i know i'll get POST requests... use $_GET where i know i'll get GET requestions, use $_REQUEST where i might get both type of requests.  unknown, post this as a comment in the tutorials, this is a great tip :)

David

#4
April 14, 2004, 12:29:39 PM
Seems like it makes more sense to like use $_GETPOST or something so not to confuse devs who understand $_REQUEST as including cookie data.
This space for rent.

Parham

#5
April 14, 2004, 12:38:16 PM
Quote from: David on April 14, 2004, 12:29:39 PM
Seems like it makes more sense to like use $_GETPOST or something so not to confuse devs who understand $_REQUEST as including cookie data.

but then you'd have to globalize it.  I wanted to ignore that whole aspect.  I just realized what if $_POST and $_GET ahve overlapping values?

David

#6
April 14, 2004, 12:39:24 PM
True.
This space for rent.

Jack.R.Abbit™

#7
April 14, 2004, 12:56:30 PM
Quote from: Parham on April 14, 2004, 12:38:16 PM
Quote from: David on April 14, 2004, 12:29:39 PM
Seems like it makes more sense to like use $_GETPOST or something so not to confuse devs who understand $_REQUEST as including cookie data.

but then you'd have to globalize it.  I wanted to ignore that whole aspect.  I just realized what if $_POST and $_GET ahve overlapping values?
you could use $GLOBALS['GETPOST'] since $GLOBALS is already "globalized".  You just have to deal with the extra array element.  Not a big deal.

Parham

#8
April 14, 2004, 02:01:02 PM
Quote from: Jack.R.Abbit on April 14, 2004, 12:56:30 PM
Quote from: Parham on April 14, 2004, 12:38:16 PM
Quote from: David on April 14, 2004, 12:29:39 PM
Seems like it makes more sense to like use $_GETPOST or something so not to confuse devs who understand $_REQUEST as including cookie data.

but then you'd have to globalize it.  I wanted to ignore that whole aspect.  I just realized what if $_POST and $_GET ahve overlapping values?
you could use $GLOBALS['GETPOST'] since $GLOBALS is already "globalized".  You just have to deal with the extra array element.  Not a big deal.

isn't GLOBALS deprecatd?  plus globals still has everything in it from all the superglobals

Code Select

<?php

$_GET['a'] = 'hello';
$_GET['b'] = 'hi';
$_POST['b'] = 'bonjour';
$_POST['c'] = 'salam';

//$_REQUEST = $_POST + $_GET; //post will override get with duplicate values
$_REQUEST = $_GET + $_POST; //get will override post in duplicate values

something();

function something() {

print_r($_GET);
print "\n\n";
print_r($_POST);
print "\n\n";
print_r($_REQUEST);

}

?>

Jack.R.Abbit™

#9
April 14, 2004, 02:29:45 PM
Quote from: Parham on April 14, 2004, 02:01:02 PM
Quote from: Jack.R.Abbit on April 14, 2004, 12:56:30 PM
Quote from: Parham on April 14, 2004, 12:38:16 PM
Quote from: David on April 14, 2004, 12:29:39 PM
Seems like it makes more sense to like use $_GETPOST or something so not to confuse devs who understand $_REQUEST as including cookie data.

but then you'd have to globalize it.  I wanted to ignore that whole aspect.  I just realized what if $_POST and $_GET ahve overlapping values?
you could use $GLOBALS['GETPOST'] since $GLOBALS is already "globalized".  You just have to deal with the extra array element.  Not a big deal.

isn't GLOBALS deprecatd?  plus globals still has everything in it from all the superglobals
http://us4.php.net/manual/en/language.variables.predefined.php doesn't say anything about it being depricated... and its listed first.  True it contains everything and its available everywhere... but it would regardless if you use it or not.  I was simply offering a solution that solves both "issues"... 1) It won't confuse devs that expect $_REQUEST to have cookie data and 2) Its does not need to be "globalized".  I guess I'm not sure what you are trying to achieve.  So what if $_REQUEST includes cookies?

Parham

#10
April 14, 2004, 02:38:48 PM
Quote from: Jack.R.Abbit on April 14, 2004, 02:29:45 PM
Quote from: Parham on April 14, 2004, 02:01:02 PM
Quote from: Jack.R.Abbit on April 14, 2004, 12:56:30 PM
Quote from: Parham on April 14, 2004, 12:38:16 PM
Quote from: David on April 14, 2004, 12:29:39 PM
Seems like it makes more sense to like use $_GETPOST or something so not to confuse devs who understand $_REQUEST as including cookie data.

but then you'd have to globalize it.  I wanted to ignore that whole aspect.  I just realized what if $_POST and $_GET ahve overlapping values?
you could use $GLOBALS['GETPOST'] since $GLOBALS is already "globalized".  You just have to deal with the extra array element.  Not a big deal.

isn't GLOBALS deprecatd?  plus globals still has everything in it from all the superglobals
http://us4.php.net/manual/en/language.variables.predefined.php doesn't say anything about it being depricated... and its listed first.  True it contains everything and its available everywhere... but it would regardless if you use it or not.  I was simply offering a solution that solves both "issues"... 1) It won't confuse devs that expect $_REQUEST to have cookie data and 2) Its does not need to be "globalized".  I guess I'm not sure what you are trying to achieve.  So what if $_REQUEST includes cookies?

it just bugged me that's all.  I also find it funny how the documentation labels $_REQUEST as unsecure ("it can't be trusted") while $GLOBALS has no such warning.  You're right though Jack.R.Abbit, my mind completely slipped on $GLOBALS.  I guess I was just looking for something which resembled the rest of the superglobals :).

Jack.R.Abbit™

#11
April 14, 2004, 06:24:24 PM
Well, its up to you since you're the dev.  I don't know if there even is just one right answer to this.


hmmm... why didn't that url parse?

[Unknown]

#12
April 14, 2004, 07:08:12 PM
You put it immediately after a ].  It can't parse those URLs automatically. ([url ]http://www....[/ url])

Anyhow, imho cookies don't belong in $_REQUEST.  I don't even see why you'd have them there.  They aren't "request" variables because, unlike get and post, they are not used to *request* anything.

-[Unknown]

Jack.R.Abbit™

#13
April 14, 2004, 07:43:11 PM
Quote from: [Unknown] on April 14, 2004, 07:08:12 PM
Anyhow, imho cookies don't belong in $_REQUEST.  I don't even see why you'd have them there.  They aren't "request" variables because, unlike get and post, they are not used to *request* anything.
I'd have to agree with that... but the question is not really "should they be there?"... but rather, "does being there cause enough harm that it is worth the step to take them out?"

[Unknown]

#14
April 14, 2004, 09:52:59 PM
SMF has to refill it because GET is wrong with ; on 99% of all servers.

-[Unknown]
Print
Go Up Pages1
User actions
Advertisement: