[Phpmyadmin-devel] Re: Removing of grab_globals

Michal Čihař michal at cihar.com
Wed Dec 7 12:43:27 CET 2005


On Wed 7. 12. 2005 20:48, Marc Delisle wrote:
>  From the manual:
>      Variables provided to the script via the GET, POST, and COOKIE
> input mechanisms, and which therefore cannot be trusted. The presence
> and order of variable inclusion in this array is defined according to
> the PHP variables_order configuration directive. "

Yes, so there are variables from GET, POST, and COOKIE and their 
preference is defined by variables_order.

> This is a separate discussion. So you would like to refer to
> $_REQUEST['foo'] everywhere in the code, instead of importing into a
> global $foo?

Yes. You can then perfectly see that this variable is potentially 
dangerous. Putting everything in global namespace hides this 

    Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20051207/1e4a8565/attachment.sig>

More information about the Developers mailing list