[Phpmyadmin-devel] Removing of grab_globals

Michal Čihař michal at cihar.com
Wed Dec 7 01:10:05 CET 2005

Hi all

I thing we all agree on removal of this security evil script. Me and
Marc already had non public discussion on this topic, however I thing
it should go on this list, so lets start it again :-).

Basically there is need for some function to grab required parameters
from request and clean up GLOBALS array in case of register_globals is

I suggested to create some function like:

PMA_grabParameter($name, $request, $sanitizing = 'none', $required =

The request parameter might not be needed, but it's up to discussion.

While Marc came with way how Moodle does it:

Moodle does this (I did not pasted the full clean_param() function)

$id          = optional_param('id', 0, PARAM_INT);
$name        = optional_param('name');
$edit        = optional_param('edit');
$idnumber    = optional_param('idnumber');

function optional_param($varname, $default=NULL, $options=PARAM_CLEAN) {

     if (isset($_POST[$varname])) {       // POST has precedence
         $param = $_POST[$varname];
     } else if (isset($_GET[$varname])) {
         $param = $_GET[$varname];
     } else {
         return $default;

     return clean_param($param, $options);


I do not thing it is good idea to have optional parameters in most of

	Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20051207/fcaacc45/attachment.sig>

More information about the Developers mailing list