[Phpmyadmin-devel] Removing of grab_globals
lists at sebastianmendel.de
Wed Dec 7 12:56:43 CET 2005
Marc Delisle schrieb:
> Sebastian Mendel a écrit :
>> Marc Delisle schrieb:
>>> Sebastian Mendel a écrit :
>>>> Marc Delisle schrieb:
>>>>>> i think in most cases PMA should use $_REQUEST directly and use
>>>>>> one of the above function only to set default values
>>>>>> using of $_REQUEST makes it more clear where this variable came
>>>>>> from, reminding the developer always to take care with this
>>>>> I don't understand why using $_REQUEST makes more clear where this
>>>>> variable came from. In $_REQUEST, variables can come from EGPCS, as
>>>>> defined by the variables_order directive. I think that it's better
>>>>> to say explicitly where we expect each variable to come from.
>>>> $_REQUEST holds only $_POST, $_GET, $_COOKIE, normally in this order
>>> Not according to
>> this is the order for register_globals what has not much todo with
> From the manual:
> Variables provided to the script via the GET, POST, and COOKIE input
> mechanisms, and which therefore cannot be trusted. The presence and
> order of variable inclusion in this array is defined according to the
> PHP variables_order configuration directive. "
yes as it reads ONLY GET, POST, and COOKIE
variables_order defines ONLY the ORDER how this three superglobals are
merged into $_REQUEST
AND variables_order defines WHAT super_gloabls are filled
f.e. with variables_order = 'C';
only $_COOKIE is filled and $_GET, $_POST, $_ENV, $_SERVER is empty
with variables_order = 'GPCES'; all superglobals are filled
but $_REQUEST allways only holds the content of $_GET, $_POST, $_COOKIE
what leads to another problem with the default of 'GPCS' $_ENV is always
empty but sometimes used in PMA ...
>>>> and it makes clear that this variable came from outside and has to
>>>> be handled with care, of course the other superglobals too
>>> So why not go with the clearer way?
>> why not? i did not fully understand ...
>> what is the clearer way?
>> i prefer using $_REQUEST as the clearer way as i wrote before
>> i always prefer using superglobals than importing them into GLOBAL space
> This is a separate discussion. So you would like to refer to
> $_REQUEST['foo'] everywhere in the code, instead of importing into a
> global $foo?
yes, but normally this variables should only used once, when passing to
the function/object who uses this variable ... moving PMA from
preocedural to object oriented or at least more 'functionized'
>> and i prefer use $_REQUEST than $_POST or $_GET as sometimes its
>> needed to change between POSTING or 'GETTING' variables, like PMA
>> currently does with request larger than 1000 chars.
> I just wonder, since the contents of $_REQUEST _might_ be coming from
> Environment, Server and Cookie, depending on the variables_order
> directive, if we are not going to regret it later.
no, only from GET, POST, COOKIE
just try print_r( $_REQUEST )
you will see no variables from $_SERVER or $_ENV
More information about the Developers