Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??
oh, yeah. automatic variable creation is GREAT! for those of you who aren't familiar with this, PHP's default settings cause it to look for incoming GET, POST, and COOKIE variables in a specified order and import them into the global namespace. so, if someone calls your script with foo=bar as a parameter, the variable $foo in the global namespace will be 'bar'.

however, since PHP also stores variables for system settings in this same global namespace, some of which are not always populated, it is pretty easy for a user to spoof your script by passing in variables with the correct names.

for example, when a script is running under an SSL server, the environment variable HTTPS is set to 'ON'. however, in other circustances, it is not set at all. so, if you have a custom PHP function that you want to behave differently based on whether it is called by a script under an SSL web server or not, you can't just check the value of HTTPS because it may have been passed in by the end user with HTTPS=ON. to get around this, you either have to disable the automatic variable creation by unsetting your GPC_ORDER (which is a very kludgy thing to do on a per script basis), or check to make sure that HTTPS=ON isn't in HTTP_GET_VARS, HTTP_POST_VARS, or HTTP_COOKIE_VARS, thereby eliminating the value the namespace munging had in the first place. that is just idiotic, IMHO.

i myself use PHP fairly often, so i don't by any means think it is horrible, but it definitely fails in a number of areas where Perl shines (and vice versa, occasionally).


In reply to Re: Not Inciting a Holy War by mdillon
in thread Not Inciting a Holy War, but... by Kozz

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having a coffee break in the Monastery: (3)
As of 2024-03-29 14:38 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found