[Phpmyadmin-devel] Re: Removing of grab_globals
Michal Čihař
michal at cihar.com
Wed Dec 7 12:43:27 CET 2005
Hi
On Wed 7. 12. 2005 20:48, Marc Delisle wrote:
> From the manual:
> "$_REQUEST
>
> Variables provided to the script via the GET, POST, and COOKIE
> input mechanisms, and which therefore cannot be trusted. The presence
> and order of variable inclusion in this array is defined according to
> the PHP variables_order configuration directive. "
Yes, so there are variables from GET, POST, and COOKIE and their
preference is defined by variables_order.
> This is a separate discussion. So you would like to refer to
> $_REQUEST['foo'] everywhere in the code, instead of importing into a
> global $foo?
Yes. You can then perfectly see that this variable is potentially
dangerous. Putting everything in global namespace hides this
difference.
--
Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20051207/1e4a8565/attachment.sig>
More information about the Developers
mailing list