register_globals (was Re: PHP Security Hole)

by David Mintz <mambomintz(at)yahoo.com>

 Date:  Wed, 6 Mar 2002 08:46:15 -0800 (PST)
 To:  hwg-languages(at)hwg.org
 In-Reply-To:  yerpso
This is kind of a topic modulation from the original
thread but it's on the general topic.

I recently (read belatedly) discovered that
register_globals is destined to become ever more
strongly deprecated, then eliminated from PHP.
(Footnote to the uninitiated:  when register_globals
is set to "on" in PHP's configuration, a variable
named "foo"  coming in as either GET, POST or a cookie
is automatically available simply as $foo)

I'm certain this too is a Good Thing over the long
term. In the short term, it's brutal. I wrote a number
of naive PHP scripts, now in production, that rely on
register_globals (largely guided by PHP tutorials that
presented this feature as though it was the coolest
thing). Now I have to start fixing these scripts one
by one. True, if it comes to that, you can keep using
your earlier PHP version while the rest of the world
moves on, but I don't think that's the best option.

I wonder if anyone has any ideas about strategies. My
thought is, copy your PHP files to your local machine
where PHP has register_globals turned off, and hack
hack hack until they work. Gradually patterns should
emerge and the migration should pick up speed, I hope.

Thanks,

David Mintz
Spanish Interpreter
US District Court, Southern District of New York
Web Design & Hosting http://www.dmintzweb.com/
Personal http://www.panix.com/~dmintz/

"You want me to pour the beer, Frank?


HWG: hwg-languages mailing list archives, maintained by Webmasters @ IWA