Important alert: (current site time 7/15/2013 11:21:10 AM EDT)

They're finally here! Check out our new 7 Source Code CDs!
The brand newrevamped discussion board is here

Don't let autoglobals=0 get you down

Submitted on:	12/2/2002 7:38:53 AM
By:	Networking.be
Level:	Beginner
User Rating:	By 4 Users
Compatibility:	PHP 3.0, PHP 4.0
Views:	10806

(About the author)

A good thing to do is to never rely on autoglobals. They might just be turned off. For those not familiar with how autoglobals work, if you call a page say test.php?foo=bar, autoglobals allow you to access foo by using $foo, rather than using $_GET['foo']. However, if autoglobals are off, $foo will give a warning, and it's value will be empty rather than 'bar'. This little piece of code mimics autoglobals, thus preventing you from having to rewrite entire applications because they relied on autoglobals. Note that as of PHP 4.2, autoglobals are off by default.

Terms of Agreement:
By using this article, you agree to the following terms...

You may use this article in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
You MAY NOT redistribute this article (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
You may link to this article from another website, but ONLY if it is not wrapped in a frame.
You will abide by any additional copyright restrictions which the author may have placed in the article or article's description.

				As PHP documentation specifies, you should not rely on autoglobals, so if you are a clean programmer, you probably don't need this code.

However, those off you who decided to go for the time gain offered by autoglobals might just need this.
The code makes use of variable variables, a feature not that many languages posses. We just loop throug each variable in $_GET and $_POST, and assign it to the correspondending $variable.
while(list($key,$value)= each($_POST)) {
	$tmp = $key;
	$$tmp = $value;		
}	
while(list($key,$value)= each($_GET)) {
	$tmp = $key;
	$$tmp = $value;		
}	
if (isset($test)) {
	echo "Test is set: $test";
} else {
	echo "Test not set";
}

In order to test this example, ENABLE autoglobals on your server.
Point to the page, and set the test variable (http://yourserver/test.php?test=123).
You will see that the page will say that $test is set.

Now DISABLE autoglobals. Reload the page, and you'll see that $test is still set.
Finally, comment away the two while loops and reload the page. You will now see that $test isn't set.
The best use of this is to paste the code into a seperate file, and include the file at the beginning of the page that requires its functionallity.

Report Bad Submission

Use this form to tell us if this entry should be deleted (i.e contains no code, is a virus, etc.).
This submission should be removed because:

Your Vote

What do you think of this article (in the Beginner category)?
(The article with your highest vote will win this month's coding contest!)
Excellent Good Average Below Average Poor (See voting log ...)

Other User Comments

12/2/2002 3:33:38 PM: Charles Chadwick

"However, if autoglobals are off, $foo will give a warning, and it's value will be 'foo' rather than 'bar'."

Actually, in my experience, foo would equal nothing. Perhaps I have something else in my settings different.
(If this comment was disrespectful, please report it.)

12/2/2002 3:43:04 PM: Cakkie

Sorry, I got that mixed up with something else (if you try to address foo rather than $foo, it will interpret it as a constant with value foo). I changed the tutorial. Thanks
(If this comment was disrespectful, please report it.)

12/17/2002 1:05:00 PM:

Very nice, I really like this. The only thing I changed was the order of the POST and GET assignment, so that it would mimic register_globals more closely (which assigns the POST variables last). 5/5.
(If this comment was disrespectful, please report it.)

12/20/2002 8:14:25 AM:

God bless you man! That was a great problem solver. Please Keep in touch as I might have some other problems coming up in my way.
(If this comment was disrespectful, please report it.)

12/20/2002 8:15:12 AM:

God bless you man! That was a great problem solver. Please Keep in touch as I might have some other problems coming up in my way.My email address is
chinmaya2000@hotmail.com
(If this comment was disrespectful, please report it.)

12/24/2002 6:29:37 AM:

it's possible to use this way:
if ((str_replace(".","", phpversion()) >= 420)&&(!ini_get( 'register_globals' )))
eval('import_request_variables( "gpc", "" );');

(If this comment was disrespectful, please report it.)

1/1/2003 8:58:10 AM:

The same can actually also be done by using the extract() function.
(If this comment was disrespectful, please report it.)

1/13/2003 10:13:53 AM:

while(list($key,$value)= each($_REQUEST)) {
$tmp = $key;
$$tmp = $value;
}

This code will check both $_POST and $_GET.
(If this comment was disrespectful, please report it.)

3/29/2003 9:38:35 PM:

Here's the code for how to do it with extract(), much simpler... (giving posted variables priority over get variables)

extract($_POST);
extract($_GET);
(If this comment was disrespectful, please report it.)

8/31/2003 2:05:09 PM: ssajith

I think the above code fails if we have an array of variables.. being passed from a form. For eg. If i have a series of checkboxes with the name chk[] for each; I can get them as array in the submitted page. But if I used the above code.. I will loose the value of chk.

If not please tell me how.
(If this comment was disrespectful, please report it.)

4/4/2008 6:06:32 PM: Marc ''InSp3KtaH'' Giroux

What the *****.. Auto-globals are the worst thing ever .. so who relies on it? bad programmers .. if you are not sure if the autoglobals are on or off .. just set them off in your htaccess... please for the love of god... never rely on them... its the single biggest security hole in PHP ... so this tutorial should be : auto-globals = Bad .. just use the $_GET, $_POST arrays .. its that hard .. is it?
(If this comment was disrespectful, please report it.)

4/5/2008 9:52:02 AM: Ivo Smits

You should not use autoglobals at all! It is a huge security risk as users may be able to inject other variables into your application ($_SESSION for example!), which you obviously don't want.

It's much better to use $_POST[] and $_GET[] instead.
(If this comment was disrespectful, please report it.)

Add Your Feedback

Your feedback will be posted below and an email sent to the author. Please remember that the author was kind enough to share this with you, so any criticisms must be stated politely, or they will be deleted. (For feedback not related to this particular article, please click here instead.)

To post feedback, first please login.

Don't let autoglobals=0 get you down

Newest postings for PHP.

How to create high level secure login system

Multiple Event Calendar "Evencal" with Codeigniter framework

Unique ID identifier

Number To Words Converter

Square and Cubed Values

Proxy, 4 view bloqued pages by fortiguard o firewall

iFmup - Image upload manager for TinyMCE

IMSI to IMSI_M converter

PHP output to PDF

Browser Detector

Writing and Reading a Text File

Paging of Records

Export to CSV from database

download

Import CSV to mySQL

e-commerce

Database operation using

FILE - upload download

Upload File

One Time Pad in PHP

imoel-cms0.1.4

Display Records

Delete using PHP

Update using PHP

Database Insert using PHP

Daily code email

This site on CD

Code/Articles

Top Code

Community

Jobs

Other

Goto…