[Phpmyadmin-devel] Re: Removing of grab_globals
Marc Delisle
Marc.Delisle at cegepsherbrooke.qc.ca
Wed Dec 7 16:18:06 CET 2005
Michal Čihař a écrit :
> Hi
>
> On Wed 7. 12. 2005 20:48, Marc Delisle wrote:
>
>> From the manual:
>>"$_REQUEST
>>
>> Variables provided to the script via the GET, POST, and COOKIE
>>input mechanisms, and which therefore cannot be trusted. The presence
>>and order of variable inclusion in this array is defined according to
>>the PHP variables_order configuration directive. "
>
>
>
> Yes, so there are variables from GET, POST, and COOKIE and their
> preference is defined by variables_order.
>
>
>>This is a separate discussion. So you would like to refer to
>>$_REQUEST['foo'] everywhere in the code, instead of importing into a
>>global $foo?
>
>
> Yes. You can then perfectly see that this variable is potentially
> dangerous. Putting everything in global namespace hides this
> difference.
>
Ok I agree.
Another point: having a look at $GLOBALS, can we put all strSomething
messages somewhere else? I'm afraid that we don't have a choice. Maybe
they could be in a cute array under $GLOBALS but this produces much
recoding everywhere.
More information about the Developers
mailing list