[thelist] PHP Includes

Michael Pemberton pemberton_m at hotmail.com
Tue Jan 1 22:54:19 CST 2002


I know this is an old warning, but using variables in this fashion is very 
risky.

Here's what php.net had to say about the new system:

To help users build PHP applications with register_globals being off, we've 
added several new special variables that can be used instead of the old 
global variables. There are 7 new special arrays:

$_GET - contains form variables sent through GET
$_POST - contains form variables sent through POST
$_COOKIE - contains HTTP cookie variables
$_SERVER - contains server variables (e.g., REMOTE_ADDR)
$_ENV - contains the environment variables
$_REQUEST - a merge of the GET variables, POST variables and Cookie 
variables. In other words - all the information that is coming from the 
user, and that from a security point of view, cannot be trusted.
$_SESSION - contains HTTP variables registered by the session module

Now, other than the fact that these variables contain this special 
information, they're also special in another way - they're automatically 
global in any scope. This means that you can access them anywhere, without 
having to 'global' them first. For example:

For those using the previous versions of PHP, the old array names are 
$HTTP_GET_VARS, $HTTP_SERVER_VARS, $HTTP_POST_VARS.  I can't remember the 
rest off the top of my head, sorry.

>From: "John Corry" <john at neoncowboy.com>
>link.php?var=foo.inc would allow you to call the include like:
>
><?php include("$var"); ?>
>
>Variables are immediately accessible when passed via querystring.


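An added example, not part of the original post or of php.net's text: one way to write the quoted `include("$var")` so that it still works with register_globals off and the request value never becomes a path. It assumes PHP 7.1 or later; the allowlist, the `includes` directory and the function name `resolveInclude` are hypothetical, and the query strings are constructed samples.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: request values are looked up as keys and are
// never used as a path themselves.
const ALLOWED_INCLUDES = [
    'foo.inc'  => 'foo.inc',
    'menu.inc' => 'menu.inc',
];

/**
 * Return the file to include for this request, or null if the value is
 * missing, not a string, or not on the allowlist.
 */
function resolveInclude(array $get, string $baseDir): ?string
{
    $var = $get['var'] ?? null;   // read explicitly from the GET array
    if (!is_string($var) || !array_key_exists($var, ALLOWED_INCLUDES)) {
        return null;
    }
    return rtrim($baseDir, '/') . '/' . ALLOWED_INCLUDES[$var];
}

// Constructed query strings standing in for link.php?var=...
$samples = ['var=foo.inc', 'var=other.inc', 'var[]=foo.inc', ''];
foreach ($samples as $qs) {
    parse_str($qs, $get);         // the array PHP would expose as $_GET
    $path = resolveInclude($get, __DIR__ . '/includes');
    printf("%-16s => %s\n", $qs === '' ? '(none)' : $qs, $path ?? 'rejected');
}

// In link.php itself the call would look like this:
//   $path = resolveInclude($_GET, __DIR__ . '/includes');
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;
```

Only the first sample resolves to a file; the unknown name, the array-valued parameter and the empty query string are all rejected before `include` is reached.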




