Wrox Programmer Forums
Go Back   Wrox Programmer Forums > PHP/MySQL > Beginning PHP
Beginning PHP Beginning-level PHP discussions. More advanced coders should post to the Pro PHP forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Beginning PHP section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
Old June 12th, 2003, 11:22 AM
Registered User
Join Date: Jun 2003
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts

Weel... as NotNowJohn has said, if register_globals=off, the Frank's solution won't work. If register_globals=on, it works, but you're actually using a copy of the variable, not the variable itself. So, if you're trying to use an environment variable, for example, using $_ENV['nameofvariable'] assures that. If you use the copy, I mean, only $nameofvariable, its value can be changed by the url. It seems a bit dangerous, doesn't it? The performance (because php needs to copy the values of environment, get, post, session and cookies variables) is decreased...
In other words, keep register_globals=off and get used to it.

Old June 13th, 2003, 12:32 AM
Authorized User
Join Date: Jun 2003
Posts: 26
Thanks: 0
Thanked 0 Times in 0 Posts

Hi all,

thanks for reply, I'm discovering right now the greate flexibility of $HTTP_GET_VARS and $HTTP_POST_VARS.

Old June 19th, 2003, 12:55 PM
Friend of Wrox
Join Date: Jun 2003
Posts: 836
Thanks: 0
Thanked 0 Times in 0 Posts

Do _NOT_ use $HTTP_xxx_VARS. Use $_xxx instead.

HTTP_xxx_VARS was deprecated a long time ago now. They still work but they act quite differently than their $_xxx superglobal counterparts.

$_xxx vars are "superglobals", whereas $HTTP_xxx_VARS are regular variables. That means that $_xxx is always in scope, even within a function. You don't have to import it into function or class scope.

Also -- the variables stored in HTTP_xxx_VARS are COPIES of the values in the superglobals. Changing one does not change the other. Same thing with $_REQUEST.

$_REQUEST is also a Bad Thing (imho) because you, the programmer, should know where your data is coming from. When you use $_REQUEST, you're saying "I'll take this value from wherever it comes in, be it GET, POST, or SESSION."

That sounds a lot like a lazy assumption, and laziness is the root of almost all bugs and security holes.

With $_REQUEST, there is always the chance that there will be variable naming conflicts. Suppose you have a session variable named "username", and someone submits a form with an input field named "username". If, on the recieving page of that script, you access the value via $_REQUEST['username'], which username are you getting?

Are you sure it's the right one? Why not always be explicit?

For more info, read my old FAQ at:


Take care,


Similar Threads
Thread Thread Starter Forum Replies Last Post
SQL query retrieving last record and group by snowy SQL Language 2 December 13th, 2006 01:59 PM
Problem retrieving string value of XML document wslyhbb Javascript How-To 0 September 19th, 2006 08:16 AM
Query String Baby_programmer ASP.NET 1.0 and 1.1 Basics 3 December 24th, 2004 11:14 AM
Quotes in SQL String Retrieving Access Data ritag Access VBA 5 November 17th, 2004 06:04 PM

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.