Everyone seems to recommend turning off register_globals, but accessing them
through $HTTP_POST_VARS["var_name"], gets tedious.
I haven't found a better solution (not to say there isn't one) than this
small snippet.
The idea is to turn off "register_globals", as I believe is heavily
recommended by the PHP team, and declare what variables you are expecting on
a per script basis.
Magic-quotes would also be off. Hopefully this makes all external variables
safe.
I was hoping some experienced users would cast their eye over this and
suggest any improvements, and comment if it is worth doing at all
define("ALLOWABLE_HTML_TAGS", "<B><H1>");
function use_ext_var($var_name, $var_location)
{
global $$var_name, $$var_location;
$$var_name = ${$var_location}[$var_name];
$$var_name = stripslashes($$var_name);
$$var_name = strip_tags($$var_name, ALLOWABLE_HTML_TAGS);
}
use_ext_var("sample_var", "HTTP_GET_VARS");
print $sample_var;
How are other people handling this, or are most of you 'lazy' and just use
globals :)
Regards
D Robinson
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
