[Phpmyadmin-devel] Removing of grab_globals

Sebastian Mendel lists at sebastianmendel.de
Wed Dec 7 12:56:43 CET 2005

Marc Delisle wrote:
> Sebastian Mendel wrote:
>> Marc Delisle wrote:
>>> Sebastian Mendel wrote:
>>>> Marc Delisle wrote:
>>>>>> i think in most cases PMA should use $_REQUEST directly and use 
>>>>>> one of the above functions only to set default values
>>>>>> using $_REQUEST makes it more clear where this variable came 
>>>>>> from, reminding the developer always to take care with these 
>>>>>> variables!
>>>>> I don't understand why using $_REQUEST makes more clear where this 
>>>>> variable came from. In $_REQUEST, variables can come from EGPCS, as 
>>>>> defined by the variables_order directive. I think that it's better 
>>>>> to say explicitly where we expect each variable to come from.
>>>> $_REQUEST holds only $_POST, $_GET, $_COOKIE, normally in this order
>>> Not according to
>>> http://www.php.net/manual/en/ini.core.php#ini.variables-order
>> this is the order for register_globals what has not much to do with 
> From the manual:
>     "Variables provided to the script via the GET, POST, and COOKIE input 
> mechanisms, and which therefore cannot be trusted. The presence and 
> order of variable inclusion in this array is defined according to the 
> PHP variables_order configuration directive."

yes as it reads ONLY GET, POST, and COOKIE
variables_order defines ONLY the ORDER how these three superglobals are 
merged into $_REQUEST

AND variables_order defines WHAT superglobals are filled

f.e. with variables_order = 'C';

only $_COOKIE is filled and $_GET, $_POST, $_ENV, $_SERVER are empty

with variables_order = 'GPCES'; all superglobals are filled

but $_REQUEST always only holds the content of $_GET, $_POST, $_COOKIE

what leads to another problem with the default of 'GPCS' $_ENV is always 
empty but sometimes used in PMA ...

>>>> and it makes clear that this variable came from outside and has to 
>>>> be handled with care, of course the other superglobals too
>>> So why not go with the clearer way?
>> why not? i did not fully understand ...
>> what is the clearer way?
>> i prefer using $_REQUEST as the clearer way as i wrote before
>> i always prefer using superglobals than importing them into GLOBAL space
> This is a separate discussion. So you would like to refer to 
> $_REQUEST['foo'] everywhere in the code, instead of importing into a 
> global $foo?

yes, but normally these variables should only be used once, when passing to 
the function/object who uses this variable ... moving PMA from 
procedural to object oriented or at least more 'functionized'

>> and i prefer using $_REQUEST than $_POST or $_GET as sometimes it's 
>> needed to change between POSTING or 'GETTING' variables, like PMA 
>> currently does with requests larger than 1000 chars.
> I just wonder, since the contents of $_REQUEST _might_ be coming from 
> Environment, Server and Cookie, depending on the variables_order 
> directive, if we are not going to regret it later.

no, only from GET, POST, COOKIE

just try print_r( $_REQUEST )
you will see no variables from $_SERVER or $_ENV
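
The merge behaviour debated in this thread, as an added example that is not part of the original message and not phpMyAdmin code: it models how the order string decides which of GET, POST and COOKIE wins in `$_REQUEST`, next to a read from an explicitly named source. `build_request()` and `param_from()` are hypothetical helpers, the input arrays are constructed, and only flat (non-array) parameters are modelled.

```php
<?php
// Added illustration, not phpMyAdmin code. Hypothetical helper modelling how
// PHP assembles $_REQUEST: only the letters G, P and C in the order string
// contribute; E and S are ignored; a later letter overwrites an earlier one.
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $request = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace keeps keys and lets the later source win
            $request = array_replace($request, $sources[$letter]);
        }
    }
    return $request;
}

// Hypothetical helper: read one parameter from a source the caller names,
// falling back to a default when it is absent or not a string.
function param_from(array $source, string $name, string $default = ''): string
{
    return (isset($source[$name]) && is_string($source[$name]))
        ? $source[$name]
        : $default;
}

// Constructed sample input: the same name arrives in the URL and in a cookie.
$get    = ['db' => 'sales', 'table' => 'orders'];
$post   = [];
$cookie = ['db' => 'mysql', 'lang' => 'en'];

foreach (['GPCS', 'EGPCS', 'CG', 'C'] as $order) {
    $request = build_request($order, $get, $post, $cookie);
    printf("%-5s db=%s keys=%s\n", $order, $request['db'], implode(',', array_keys($request)));
}

// The merged array cannot tell which source supplied 'db';
// an explicit read can.
echo 'explicit GET db=', param_from($get, 'db'), "\n";
echo 'explicit POST db=', param_from($post, 'db', '(none)'), "\n";
```

Since PHP 5.3 the `request_order` directive, when set, takes the place of `variables_order` for building `$_REQUEST`.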

