What are register_globals in PHP?


Question

Can someone give some examples of what register_globals are?
And is global $user_id; considered a register global?

Recommended answer

The register_globals directive:

register_globals is an internal PHP setting which registers the $_REQUEST array's elements as variables. If you submit a value in a form, via POST or GET, the value of that input will automatically be accessible via variable in the PHP script, named after the name of the input field.

In other words, if you submitted a form containing a username text field, the expression ($username === $_POST['username']) at the very beginning of the script would return true.

Its notoriety is attributed to the fact that it opens lots of security holes, especially for people that follow anything less than a strict coding style from a security perspective.

Classic example:

if(user_is_admin($user))
{
    $authorized = true;
}

if($authorized)
{
    // let them do anything they want
}

Now, if you visited that script in a web browser and the server had register_globals on, you could simply append ?authorized=1 to the URL and god-mode would be enabled!

The global keyword:

global is a keyword that has little to do with register_globals.

Here is an example of its use:

$foo = 'bar';

baz();

function baz()
{
    echo $foo; // PHP warns you about trying to use an uninitialized variable
               // and nothing is output (because $foo doesn't exist here)
}

buzz();

function buzz()
{
    global $foo; // Enables the use of $foo in this scope

    echo $foo; // Prints 'bar' to screen
}
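
The classic example from the answer, next to a hardened form, as an added example that is not part of the original answer. register_globals was removed in PHP 5.4, so its effect is emulated here with extract(); the body of user_is_admin() and the names check_unsafe() and check_safe() are assumptions made for illustration.

```php
<?php
// Added example. extract() on the request array stands in for
// register_globals = On, which no longer exists in PHP 5.4 and later.

// Hypothetical stand-in for the answer's user_is_admin().
function user_is_admin(string $user): bool
{
    return $user === 'root';
}

// The answer's pattern: $authorized is assigned only on the admin path,
// so a request parameter of the same name survives as its value.
function check_unsafe(array $request, string $user): bool
{
    // Request keys become local variables; EXTR_SKIP keeps the function's
    // own parameters from being overwritten.
    extract($request, EXTR_SKIP);

    if (user_is_admin($user)) {
        $authorized = true;
    }

    return !empty($authorized);
}

// Hardened form: the decision variable gets an explicit default inside the
// script, which replaces anything the request registered under that name.
function check_safe(array $request, string $user): bool
{
    extract($request, EXTR_SKIP);

    $authorized = false;
    if (user_is_admin($user)) {
        $authorized = true;
    }

    return $authorized;
}

// Constructed sample input: the query string ?authorized=1 from the answer.
$request = ['authorized' => '1'];

var_dump(check_unsafe($request, 'guest'));
var_dump(check_safe($request, 'guest'));
var_dump(check_safe($request, 'root'));
```

With the constructed query, only check_unsafe() grants access to the non-admin user; check_safe() depends solely on user_is_admin().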
