[UPHPU] $GLOBALS and global best practices

Steve Meyers steve-uphpu at spamwiz.com
Mon Nov 7 15:12:22 MST 2011


On 11/7/11 3:05 PM, Daniel C. wrote:
> Not necessarily.  The old import() function appears to be gone (thank
> goodness) but we still have import_request_variables() and extract()
> which appear somewhat better than import() but could still potentially
> land you in the same boat:
>
> http://us.php.net/manual/en/function.import-request-variables.php
> http://us.php.net/manual/en/function.extract.php

Yes, but we're still operating under the assumption that security 
doesn't matter, since you're importing arbitrary variables into your 
namespace.

Steve


More information about the UPHPU mailing list