[Phpmyadmin-devel] Removing of grab_globals

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Wed Dec 7 13:12:03 CET 2005


Sebastian Mendel a écrit :
> Marc Delisle schrieb:
> 
>> Sebastian Mendel a écrit :
>>
>>> Marc Delisle schrieb:
>>>
>>>> Sebastian Mendel a écrit :
>>>>
>>>>> Marc Delisle schrieb:
>>>>>
>>>>>>> i think in most cases PMA should use $_REQUEST directly and use 
>>>>>>> one of the above function only to set default values
>>>>>>>
>>>>>>> using of $_REQUEST makes it more clear where this variable came 
>>>>>>> from, reminding the developer always to take care with this 
>>>>>>> variables!
>>>>>>
>>>>>>
>>>>>> I don't understand why using $_REQUEST makes more clear where this 
>>>>>> variable came from. In $_REQUEST, variables can come from EGPCS, 
>>>>>> as defined by the variables_order directive. I think that it's 
>>>>>> better to say explicitly where we expect each variable to come from.
>>>>>
>>>>>
>>>>> $_REQUEST holds only $_POST, $_GET, $_COOKIE, normally in this order
>>>>
>>>>
>>>> Not according to
>>>> http://www.php.net/manual/en/ini.core.php#ini.variables-order
>>>
>>>
>>> this is the order for register_globals what has not much todo with 
>>> $_REQUEST
>>
>>
>>  From the manual:
>> "$_REQUEST
>>
>>     Variables provided to the script via the GET, POST, and COOKIE 
>> input mechanisms, and which therefore cannot be trusted. The presence 
>> and order of variable inclusion in this array is defined according to 
>> the PHP variables_order configuration directive. "
> 
> 
> yes as it reads ONLY GET, POST, and COOKIE
> variables_order defines ONLY the ORDER how this three superglobals are 
> merged into $_REQUEST

Ok I understand now.

> 
> AND variables_order defines WHAT super_gloabls are filled
> 
> f.e. with variables_order = 'C';
> 
> only $_COOKIE is filled and $_GET, $_POST, $_ENV, $_SERVER is empty
> 
> with variables_order = 'GPCES'; all superglobals are filled
> 
> but $_REQUEST allways only holds the content of $_GET, $_POST, $_COOKIE
> 
> 
> what leads to another problem with the default of 'GPCS' $_ENV is always 
> empty but sometimes used in PMA ...

Hmmm let's remember this...
> 
> 
>>>>> and it makes clear that this variable came from outside and has to 
>>>>> be handled with care, of course the other superglobals too
>>>>
>>>>
>>>> So why not go with the clearer way?
>>>
>>>
>>> why not? i did not fully understand ...
>>> what is the clearer way?
>>>
>>> i prefer using $_REQUEST as the clearer way as i wrote before
>>>
>>> i always prefer using superglobals than importing them into GLOBAL space
>>
>>
>> This is a separate discussion. So you would like to refer to 
>> $_REQUEST['foo'] everywhere in the code, instead of importing into a 
>> global $foo?
> 
> 
> yes, but normally this variables should only used once, when passing to 
> the function/object who uses this variable ... moving PMA from 
> preocedural to object oriented or at least more 'functionized'
> 
> 
>>> and i prefer use $_REQUEST than $_POST or $_GET as sometimes its 
>>> needed to change between POSTING or 'GETTING' variables, like PMA 
>>> currently does with request larger than 1000 chars.
>>
>>
>> I just wonder, since the contents of $_REQUEST _might_ be coming from 
>> Environment, Server and Cookie, depending on the variables_order 
>> directive, if we are not going to regret it later.
> 
> 
> no, only from GET, POST, COOKIE
> 
> just try print_r( $_REQUEST )
> you will see no variables from $_SERVER or $_ENV
> 






More information about the Developers mailing list