It is sometimes tiring to use $HTTP_POST_VARS and $HTTP_GET_VARS to access variables passed by URLs or forms.
A couple of minutes ago, I got an idea and wanted to discuss it.
The eval() function is used to evaluate a string as PHP commands. This means you can create a string dynamically and evaluate it.
So you can recreate the function that Register Globals is calling when set to ON.
You can also add a prefix to each variable so you can tell which are POST and which are GET variables.
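$post_prefix="p_";
$get_prefix="g_";
$cmd="";
// Build one assignment statement per GET variable, e.g. $g_action="save";
while(list($key,$val)=each($HTTP_GET_VARS)) {
    $cmd.="$".$get_prefix.$key."=\"".$val."\";";
}
// Same for POST variables, e.g. $p_address="...";
while(list($key,$val)=each($HTTP_POST_VARS)) {
    $cmd.="$".$post_prefix.$key."=\"".$val."\";";
}
// Note: $key and $val are concatenated into PHP source unescaped, so a
// double quote in a request value ends the string literal and whatever
// follows it is evaluated as PHP code.
eval($cmd);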
$p_address could then be the Address field of a form sent by POST method.
$g_action could be the variable sent via the URL.
This can also be used to port some PHP scripts that do not require a high security level. Setting
$post_prefix="";
$get_prefix="";
will let you avoid going through $HTTP_POST_VARS or $HTTP_GET_VARS.
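
Added example, not part of the original post: the same prefixed import done without eval(), so request values are only ever stored as data and never parsed as PHP source. The helper name import_prefixed() is hypothetical, the two arrays are constructed sample input standing in for the request arrays, and the code assumes PHP 7 or later.

```php
<?php
// Prefix-import request parameters without eval().
// import_prefixed() is a hypothetical helper written for this example.

function import_prefixed(array $source, string $prefix): array
{
    // An empty prefix would let request keys name any variable, which is
    // the register_globals behaviour; require a prefix such as "p_".
    if (!preg_match('/^[a-z][a-z0-9]*_$/i', $prefix)) {
        throw new InvalidArgumentException('prefix must look like "p_"');
    }
    $out = [];
    foreach ($source as $key => $val) {
        // Keep only keys that are plain identifiers; skip everything else.
        if (!is_string($key) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key)) {
            continue;
        }
        // The value is stored as data. It is never turned into source code.
        $out[$prefix . $key] = $val;
    }
    return $out;
}

// Constructed sample input standing in for the GET and POST arrays.
$get  = ['action' => 'save', 'bad-key;' => 'x'];
$post = ['address' => '12 "Main" St; Apt 4'];

$vars = import_prefixed($get, 'g_') + import_prefixed($post, 'p_');

// EXTR_SKIP never overwrites a variable that already exists in this scope.
extract($vars, EXTR_SKIP);

var_dump($g_action);          // value of the "action" URL parameter
var_dump($p_address);         // quotes and semicolon arrive intact, as text
var_dump(array_keys($vars));  // the key "bad-key;" was dropped
```

The quoted address is ordinary form input, yet it would break the string literal built for eval() above; here it is just a string.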