Professional Web Applications Themes

QUERY_STRING clarification - PHP Development

from php.net $_SERVER is a superglobal. So, if I have it right, with register_globals=on, I can access $QUERY_STRING direct, but with register_globals=off, I would need to access $QUERY_STRING with $_SERVER['QUERY_STRING '] Now if my scripts were written in a register_globals=on environment, but that alters to 'off', is it 'safe' to simply reassign the variable this way at the first convenient moment? $QUERY_STRING = $_SERVER['QUERY_STRING '];...

  1. #1

    Default QUERY_STRING clarification

    from php.net
    $_SERVER is a superglobal.

    So, if I have it right, with register_globals=on, I can access $QUERY_STRING
    direct, but with register_globals=off, I would need to access $QUERY_STRING
    with $_SERVER['QUERY_STRING ']

    Now if my scripts were written in a register_globals=on environment, but
    that alters to 'off', is it 'safe' to simply reassign the variable this way
    at the first convenient moment?
    $QUERY_STRING = $_SERVER['QUERY_STRING '];




    PhilM Guest

  2. #2

    Default Re: QUERY_STRING clarification

    For QUERY_STRING, I see no harm. However, I'm not a security expert. :P

    -Wes

    ncf Guest

  3. #3

    Default Re: QUERY_STRING clarification

    It's perfectly safe. Register globals isn't dangerous in and of itself
    -- it's the misuse of it that is unsafe. In this case, you've
    guaranteed that the variable called $QUERY_STRING is in fact the same
    as $_SERVER['QUERY_STRING'] so you're ok.

    With register globals on, the danger is that someone could potentially
    set the value of $QUERY_STRING through a GET, POST, or cookie variable
    and you would never know the difference.

    ZeldorBlat Guest

  4. #4

    Default Re: QUERY_STRING clarification


    "ZeldorBlat" <com> wrote in message
    news:googlegroups.com... 

    Thx for that...
    I thought that may be the case, but wasn't real certain.
    Angst now somewhat nullified :)


    PhilM Guest

Similar Threads

  1. query_string with apache
    By ogre11 in forum Coldfusion Server Administration
    Replies: 2
    Last Post: October 23rd, 03:22 PM
  2. cfinclude with query_string
    By dmitriy1980 in forum Coldfusion - Advanced Techniques
    Replies: 3
    Last Post: October 11th, 04:34 PM
  3. P cgi.query_string
    By DixieGal in forum Macromedia ColdFusion
    Replies: 3
    Last Post: February 28th, 06:37 PM
  4. $QUERY_STRING not vaialable
    By Christian Weber in forum PHP Development
    Replies: 2
    Last Post: September 23rd, 07:02 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139