[Phpmyadmin-devel] Removing of grab_globals
Marc Delisle
Marc.Delisle at cegepsherbrooke.qc.ca
Wed Dec 7 13:12:03 CET 2005
Sebastian Mendel a écrit :
> Marc Delisle schrieb:
>
>> Sebastian Mendel a écrit :
>>
>>> Marc Delisle schrieb:
>>>
>>>> Sebastian Mendel a écrit :
>>>>
>>>>> Marc Delisle schrieb:
>>>>>
>>>>>>> i think in most cases PMA should use $_REQUEST directly and use
>>>>>>> one of the above function only to set default values
>>>>>>>
>>>>>>> using of $_REQUEST makes it more clear where this variable came
>>>>>>> from, reminding the developer always to take care with this
>>>>>>> variables!
>>>>>>
>>>>>>
>>>>>> I don't understand why using $_REQUEST makes more clear where this
>>>>>> variable came from. In $_REQUEST, variables can come from EGPCS,
>>>>>> as defined by the variables_order directive. I think that it's
>>>>>> better to say explicitly where we expect each variable to come from.
>>>>>
>>>>>
>>>>> $_REQUEST holds only $_POST, $_GET, $_COOKIE, normally in this order
>>>>
>>>>
>>>> Not according to
>>>> http://www.php.net/manual/en/ini.core.php#ini.variables-order
>>>
>>>
>>> this is the order for register_globals what has not much todo with
>>> $_REQUEST
>>
>>
>> From the manual:
>> "$_REQUEST
>>
>> Variables provided to the script via the GET, POST, and COOKIE
>> input mechanisms, and which therefore cannot be trusted. The presence
>> and order of variable inclusion in this array is defined according to
>> the PHP variables_order configuration directive. "
>
>
> yes as it reads ONLY GET, POST, and COOKIE
> variables_order defines ONLY the ORDER how this three superglobals are
> merged into $_REQUEST
Ok I understand now.
>
> AND variables_order defines WHAT super_gloabls are filled
>
> f.e. with variables_order = 'C';
>
> only $_COOKIE is filled and $_GET, $_POST, $_ENV, $_SERVER is empty
>
> with variables_order = 'GPCES'; all superglobals are filled
>
> but $_REQUEST allways only holds the content of $_GET, $_POST, $_COOKIE
>
>
> what leads to another problem with the default of 'GPCS' $_ENV is always
> empty but sometimes used in PMA ...
Hmmm let's remember this...
>
>
>>>>> and it makes clear that this variable came from outside and has to
>>>>> be handled with care, of course the other superglobals too
>>>>
>>>>
>>>> So why not go with the clearer way?
>>>
>>>
>>> why not? i did not fully understand ...
>>> what is the clearer way?
>>>
>>> i prefer using $_REQUEST as the clearer way as i wrote before
>>>
>>> i always prefer using superglobals than importing them into GLOBAL space
>>
>>
>> This is a separate discussion. So you would like to refer to
>> $_REQUEST['foo'] everywhere in the code, instead of importing into a
>> global $foo?
>
>
> yes, but normally this variables should only used once, when passing to
> the function/object who uses this variable ... moving PMA from
> preocedural to object oriented or at least more 'functionized'
>
>
>>> and i prefer use $_REQUEST than $_POST or $_GET as sometimes its
>>> needed to change between POSTING or 'GETTING' variables, like PMA
>>> currently does with request larger than 1000 chars.
>>
>>
>> I just wonder, since the contents of $_REQUEST _might_ be coming from
>> Environment, Server and Cookie, depending on the variables_order
>> directive, if we are not going to regret it later.
>
>
> no, only from GET, POST, COOKIE
>
> just try print_r( $_REQUEST )
> you will see no variables from $_SERVER or $_ENV
>
More information about the Developers
mailing list