In my old project, post variables used as $var_name instead of $_post["var_name"]. So i need to change code in all files. So do i want to change anything((Auto extracting option)) in php.ini to handle this without changing coding. thanks.
4 Answers
Your old project used a now deprecated (since 5.3) and removed (since 5.4) feature called "register globals". Please read on why this feature was removed: http://php.net/manual/en/security.globals.php
In short, no, you do not want to change php.ini so that your old application can work. Instead, you will more likely want to repair your old application to work without register globals.
That said, if this is not a public facing application or security is not an issue, there is a way you can configure php.ini even for PHP 5.4 to have your application work.
WARNING: this involves changing your php.ini file so that the effects of register globals is emulated. This means all PHP scripts will be subjected to the effects of register globals, not just the ones you want.
As mentioned, extract($_REQUEST); will essentially accomplish what register globals used to. Now, using the auto_prepend_file directive, you can run this line of code before every script.
That is, save this file somewhere (preferably in your PHP include path) and, say, call it register_globals.php.
<?php
extract($_POST);
Now in php.ini, add this line (the path may be relative to your PHP include path).
auto_prepend_file = "register_globals.php" ; emulates register_globals
The effect of this change is that require("register_globals.php"); happens before any script runs.
4 Comments
Your Common Sense
Warning Do not use extract() on untrusted data, like user input (i.e. $_GET, $_FILES, etc.). If you do, for example if you want to run old code that relies on register_globals temporarily, make sure you use one of the non-overwriting extract_type values such as EXTR_SKIP and be aware that you should extract in the same order that's defined in variables_order within the php.ini.
erisco
I do not understand a couple of things Col. Shrapnel. First, what is meant by using register_globals temporarily? Second, what is the significance of using a non-overwriting extract option if the call to
extract is the first thing done in the script? But, yes, I do agree that the order of extraction (if there are conflicts) might come into play, but I don't agree that it must match that of variables_orders, unless consistency with that directive is paramount.Your Common Sense
So, if you do not understand basic things, you'd better ask than answer.
erisco
I am offended by the tone Col. Shrapnel. I admit there is something I may have missed that is important about register_globals that is not captured correctly by extract. I asked for clarification in my previous comment because I do not yet understand your reasoning, not because I am intending to say your reasons are wrong. I'm trying to help Act DEV, and I appreciate your guidance.
I understand your reluctance to change a lot of code, but bad design should be corrected, regardless of the hassle it implies. Change your globals to proper post variables or you will later come to regret it. There's a 99% chance you will eventually reach this conclusion yourself, might as well do it now.
1 Comment
John Cartwright
I was wondering why nobody was bashing the band-aid approaches.
You need to enable register_globals in your php.ini file. Look at this page for more details - http://php.net/manual/en/ini.core.php.
1 Comment
Act DEV
Anupam Jain... Thanks a lot :-)
register_globals was an old way of getting the submitted values with there name as variable rather than post,get , request variables. But this is deprecated in newer version. You need to your code for this to accept $_post['email'] instead of $email.
