Professional Web Applications Themes

Register Globals ! - PHP Development

I have a question related to the "security" issues posed by Globals ON. It is good programming technique IMO to initialise variables, even if it's just $foo = 0; $bar = ""; Surely it would be better to promote better programming than rely on PHP to compensate for lazy programming? Of does turning RG off have some other benefit of which I am not aware? Nel -- DISCLAIMER: There is an extremely small but nonzero chance that, through a process known as "Tunnelling", this e-mail may spontaneously disappear from its present location and reappear at any random place in the ...

  1. #1

    Default Register Globals !

    I have a question related to the "security" issues posed by Globals ON.

    It is good programming technique IMO to initialise variables, even if it's
    just
    $foo = 0;
    $bar = "";

    Surely it would be better to promote better programming than rely on PHP to
    compensate for lazy programming?

    Of does turning RG off have some other benefit of which I am not aware?

    Nel


    --
    DISCLAIMER: There is an extremely small but nonzero chance that,
    through a process known as "Tunnelling", this e-mail may spontaneously
    disappear from its present location and reappear at any random place in the
    Universe, including your neighbour's domicile. The sender will not be
    responsible for any damages or inconvenience that may result.


    Nel Guest

  2. #2

    Default Re: Register Globals !

    Nel wrote:
    > I have a question related to the "security" issues posed by Globals ON.
    >
    > It is good programming technique IMO to initialise variables, even if it's
    > just
    > $foo = 0;
    > $bar = "";
    >
    > Surely it would be better to promote better programming than rely on PHP to
    > compensate for lazy programming?
    yes, that's right.
    If you program strict and in a good style register globals won't harm
    you. But what if you once forget to initialize a variable? Register
    Globals is not a real security hole, but some programmer may forget an
    initialization (for instance when many programmer work on that project).
    >
    > Of does turning RG off have some other benefit of which I am not aware?
    yes: global variables are bad.
    why would one use them? because it is easy to work with global variables.

    If register globals is Off you are more likely to use less global variables.

    for instance:
    you use in a script (not in a function, in global namespace) a variable
    called $site, and some months later an other programmer invent a new
    feature to display a table over more than one site -> he invents a GET
    param called $site to know which site actually is displayed -> you
    overwrite with your $site his GET $site and now you're in trouble.

    because PHP doesn't provide namespaces it is important to seperate the
    different 'namespaces'. $_GET has nothing to do with the global
    namespace (of course it has, but it's kind of child of $GLOBALS - so
    this is how you should use it)

    Toni Schornboeck Guest

Similar Threads

  1. Register Globals
    By Daryl Meese in forum PHP Development
    Replies: 7
    Last Post: March 22nd, 04:46 PM
  2. Session problems with register globals enabled
    By Manu J in forum PHP Development
    Replies: 1
    Last Post: October 20th, 11:55 AM
  3. Setting register globals in http.conf
    By Chris Boget in forum PHP Development
    Replies: 0
    Last Post: September 4th, 01:44 PM
  4. register globals question
    By Merlin in forum PHP Development
    Replies: 1
    Last Post: August 29th, 07:57 AM
  5. [PHP] Register Globals
    By Skate in forum PHP Development
    Replies: 3
    Last Post: July 21st, 01:01 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139