1
snakes
Register Globals OFF - A suggestion on how to bypass
  • 2004/10/7 15:05

  • snakes

  • Just popping in

  • Posts: 69

  • Since: 2004/8/8 0


It is sometimes tiring to use $HTTP_POST_VARS and $HTTP_GET_VARS to access variables passed by URLs or forms.

A couple of minutes ago, I got an idea and wanted to discuss it.

The eval() function is used to evaluate a string as PHP commands. This means you can create a string dynamically and evaluate it.

So you can recreate the function that Register Globals is calling when set to ON.

You can also add a prefix to each variable so you can tell which are POST and which are GET variables.

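$post_prefix="p_";
$get_prefix="g_";
$cmd="";
// Build one assignment statement per GET variable, e.g. $g_action="...";
while(list($key,$val)=each($HTTP_GET_VARS)) {
        $cmd.="$".$get_prefix.$key."=\"".$val."\";";
}
// Same for POST variables, e.g. $p_address="...";
while(list($key,$val)=each($HTTP_POST_VARS)) {
        $cmd.="$".$post_prefix.$key."=\"".$val."\";";
}
// Run the generated assignments as PHP code
eval($cmd);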


$p_address could then be the Address field of a form sent by POST method.

$g_action could be the variable sent via the URL.

This can also be used to port some PHP scripts that do not require a high security level. Setting
$post_prefix="";
$get_prefix="";

will let you avoid going through $HTTP_POST_VARS or $HTTP_GET_VARS.

2
ackbarr
Re: Register Globals OFF - A suggestion on how to bypass

I do something similar, but instead of taking the full $HTTP_POST_VARS and $HTTP_GET_VARS (which by the way are disabled by default in PHP 5, use $_POST and $_GET instead) I create an array of variables I am expecting and loop through that, so that only my desired values are retrieved. In addition, if you find the typing to be tedious, you could always assign the POST and GET arrays to a shorter variable name:

$_p =& $HTTP_POST_VARS;
$_g =& $HTTP_GET_VARS;

3
snakes
Re: Register Globals OFF - A suggestion on how to bypass
  • 2004/10/7 15:30

  • snakes

  • Just popping in

  • Posts: 69

  • Since: 2004/8/8 0


Yeah, that's right too.
But I'm so lazy that I find it tedious to do things such as
$sql="select * from table where name='".$_p["name"]."' order by id;";

I would prefer
$sql="select * from table where name='$p_name' order by id;";


4
Dave_L
Re: Register Globals OFF - A suggestion on how to bypass
  • 2004/10/7 15:49

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


You can do this:

$sql="select * from table where name='{$_p["name"]}' order by id;";


However, a request variable should be sanitized before use in a query, so you probably wouldn't want to do it this way.

5
snakes
Re: Register Globals OFF - A suggestion on how to bypass
  • 2004/10/7 15:56

  • snakes

  • Just popping in

  • Posts: 69

  • Since: 2004/8/8 0


OH cool.
The sanitization can be done in a loop before a request.
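
An added example, not code from any poster in this thread: the prefixed variables from the first post, built the way ackbarr describes (only expected names are read) and used in a bound query as Dave_L's remark about sanitizing suggests, with no eval(). The function pick_request_vars(), the field patterns, the members table and the sample request arrays are assumptions constructed for illustration; $_POST and $_GET would replace the sample arrays in a real script.

```php
<?php
// Added example (hypothetical names throughout): allowlisted, prefixed
// request variables without eval(), then a parameterized query.

function pick_request_vars(array $source, array $expected, string $prefix): array
{
    $out = [];
    foreach ($expected as $name => $pattern) {
        // Only names listed in $expected are read; anything else the client
        // sends is ignored, so a request cannot create arbitrary variables.
        if (!isset($source[$name]) || !is_string($source[$name])) {
            continue;
        }
        // The value is validated and kept as data. It is never pasted into
        // PHP source, so quotes in it cannot end a string and start code.
        if (preg_match($pattern, $source[$name]) === 1) {
            $out[$prefix . $name] = $source[$name];
        }
    }
    return $out;
}

// Constructed sample input standing in for $_POST and $_GET.
$post = ['name' => "O'Brien", 'address' => '5 "Elm" St', 'debug' => '1'];
$get  = ['action' => 'list'];

$vars = pick_request_vars($post, [
            'name'    => '/^[\p{L} \'.-]{1,64}$/u',
            'address' => '/^[^\x00-\x1f]{1,128}$/',
        ], 'p_')
      + pick_request_vars($get, ['action' => '/^(list|edit)$/'], 'g_');

// Keys are fixed by the allowlist, so extract() only creates
// $p_name, $p_address and $g_action; 'debug' was never imported.
extract($vars);

// In-memory SQLite database (constructed) so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO members (name) VALUES ('O''Brien')");

// The value is bound as a parameter, so the apostrophe in the name is
// treated as data and cannot change the structure of the statement.
$stmt = $db->prepare('SELECT id, name FROM members WHERE name = :name ORDER BY id');
$stmt->execute([':name' => $p_name ?? '']);
print_r($stmt->fetchAll(PDO::FETCH_ASSOC));
var_dump(isset($p_debug));
```

The same sample values (an apostrophe in the name, double quotes in the address) break the generated string when passed through the eval() loop or interpolated into the SQL text directly.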
