1

I have seen most developers use $name instead of $_GET['name'] and $domain instead of $_POST['domain']. Is this a shorthand in PHP 5, is it safe, and is there any documentation for it?

2 Answers

5

This works because they're using the (ill-advised and now thankfully deprecated) register_globals feature. (See the PHP manual section on Using Register Globals for the full low-down including security related information.)

I'd really recommend not using this approach and explicitly using the $_POST or $_GET variables instead, as there's a potential world of security issues that await you otherwise.


8 Comments

Further, if you're reading code that takes advantage of register_globals, you should be aware that the code in question is ancient and outdated. If the code you're reading is from a tutorial, I'd advise no longer trusting the site hosting it. Really, you shouldn't trust any PHP tutorials older than 3-4 years...
@Charles So, very, very, true. :-)
'oscommerce' still requires register_globals out-of-the-box, though there is a module that fixes that. But simply seeing that moronic requirement was enough to nuke that system from my list of ecommerce solutions I was testing for a client.
@Charles I have seen this approach on many open source projects, but this doesn't work at my VPS.
@seoppc, the use of register_globals in any code is a sure sign that you don't want to use it, open source or not.
1

The examples you listed are only available if register_globals is set. It is deprecated as of PHP 5.3 and should not be used as it is a security risk among other things.

Read more from the docs - http://php.net/manual/en/security.globals.php
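To make the risk both answers refer to concrete, here is an added example (not code from either answer) showing the bare-variable style beside explicit superglobal access. Because register_globals was removed in PHP 5.4, extract() is used to emulate it; the function names, the "authorized" key and the sample request are constructed for illustration.

```php
<?php
// Constructed sample request, equivalent to the query string
// "?name=alice&authorized=1". On a web server PHP fills $_GET itself;
// it is assigned by hand here so the script runs from the CLI.
$_GET = ['name' => 'alice', 'authorized' => '1'];

// Legacy style. extract() stands in for register_globals=On: every
// request key becomes a variable of the same name in this scope.
function legacy_page(array $request, bool $loggedIn): string
{
    extract($request);          // emulation only, not the original feature
    if ($loggedIn) {
        $authorized = true;     // assigned only on the trusted path
    }
    // $authorized was never initialised by the code, so when the user is
    // not logged in, whatever the request supplied decides the outcome.
    $view = !empty($authorized) ? 'admin' : 'public';
    return "$view view for $name";
}

// Explicit style: request data is read only from the superglobal array,
// validated, and security state is set by the code itself.
function explicit_page(array $get, bool $loggedIn): string
{
    $authorized = $loggedIn;    // never derived from request input
    $name = $get['name'] ?? '';
    if (!is_string($name) || !preg_match('/^[a-z0-9_]{1,32}$/i', $name)) {
        $name = 'guest';        // reject arrays and unexpected characters
    }
    $view = $authorized ? 'admin' : 'public';
    return "$view view for $name";
}

// Same request, same (not logged in) user, different result.
echo legacy_page($_GET, false), PHP_EOL;
echo explicit_page($_GET, false), PHP_EOL;
```

With the sample request the legacy function returns the admin view for a user who is not logged in, while the explicit version returns the public view, because a request parameter can no longer collide with an internal variable.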
