[Phpmyadmin-devel] Removing of grab_globals

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Wed Dec 7 11:49:08 CET 2005 

Sebastian Mendel a écrit :
> Marc Delisle schrieb:
> 
>> Sebastian Mendel a écrit :
>>
>>> Marc Delisle schrieb:
>>>
>>>>> i think in most cases PMA should use $_REQUEST directly and use one 
>>>>> of the above function only to set default values
>>>>>
>>>>> using of $_REQUEST makes it more clear where this variable came 
>>>>> from, reminding the developer always to take care with this variables!
>>>>
>>>>
>>>>
>>>> I don't understand why using $_REQUEST makes more clear where this 
>>>> variable came from. In $_REQUEST, variables can come from EGPCS, as 
>>>> defined by the variables_order directive. I think that it's better 
>>>> to say explicitly where we expect each variable to come from.
>>>
>>>
>>>
>>> $_REQUEST holds only $_POST, $_GET, $_COOKIE, normally in this order
>>
>>
>>
>> Not according to
>> http://www.php.net/manual/en/ini.core.php#ini.variables-order
> 
> 
> this is the order for register_globals what has not much todo with 
> $_REQUEST

 From the manual:
"$_REQUEST

     Variables provided to the script via the GET, POST, and COOKIE 
input mechanisms, and which therefore cannot be trusted. The presence 
and order of variable inclusion in this array is defined according to 
the PHP variables_order configuration directive. "
> 
> http://de.php.net/manual/en/reserved.variables.php#reserved.variables.request 
> 
> 
> 
>>> and it makes clear that this variable came from outside and has to be 
>>> handled with care, of course the other superglobals too
>>
>>
>> So why not go with the clearer way?
> 
> 
> why not? i did not fully understand ...
> what is the clearer way?
> 
> i prefer using $_REQUEST as the clearer way as i wrote before
> 
> i always prefer using superglobals than importing them into GLOBAL space

This is a separate discussion. So you would like to refer to 
$_REQUEST['foo'] everywhere in the code, instead of importing into a 
global $foo?

> 
> and i prefer use $_REQUEST than $_POST or $_GET as sometimes its needed 
> to change between POSTING or 'GETTING' variables, like PMA currently 
> does with request larger than 1000 chars.
> 

I just wonder, since the contents of $_REQUEST _might_ be coming from 
Environment, Server and Cookie, depending on the variables_order 
directive, if we are not going to regret it later.

Marc

More information about the Developers mailing list