Home/ Questions/Q 5839145
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T11:32:45+00:00

I know that the use of $HTTP_GET_VARS is deprecated but what about using $GLOBALS[‘HTTP_GET_VARS’]

  • 0

I know that the use of $HTTP_GET_VARS is deprecated but what about using $GLOBALS['HTTP_GET_VARS']? Is that array key likely to disappear in the future?

I basically have the following all over a legacy project that I need to integrate with a CMS and I don’t really want to have to update it unless strictly necessary.

function table_manager_import_vars($var) {
   $vars = explode(",", $var);

   foreach($vars AS $var) {
       switch ($var) {
           case "G":
               $var = "HTTP_GET_VARS";
               break;
           case "P":
               $var = "HTTP_POST_VARS";
               break;
           case "C":
               $var = "HTTP_COOKIE_VARS";
               break;
           case "S":
               $var = "HTTP_SESSION_VARS";
               //session_start();
               break;
           case "E":
               $var = "HTTP_SERVER_VARS";
               break;
       }
       if (isset($GLOBALS[$var])) {
           if (is_array($GLOBALS[$var])) {
               foreach($GLOBALS[$var] AS $var1 => $value) {
                   if ($var1 != $var) {
                       $GLOBALS[$var1] = $value;
                   }
               }
           }
       }
   }
}
// called like this
table_manager_import_vars("G,P,C,S,E");

And yes you guessed it there is a function like this for every aspect of the project just with a different name each time!!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your question:

    Is using $GLOBALS[‘HTTP_GET_VARS’] deprecated?

    Answer:

    Yes it is.

    http://www.php.net/manual/en/reserved.variables.get.php

    This page explicitly states that $HTTP_GET_VARS has been deprecated and you should use $_GET instead.

    $HTTP_GET_VARS is the same thing as $GLOBALS['HTTP_GET_VARS']. And therefore it is also deprecated for the reason. (note that all variables defined at the global scope can be referenced using $GLOBALS['variablename'])

    By the way: When it comes to working with legacy code that uses $HTTP_GET_VARS, I know you said you want to avoid changing the code if you can avoid it, but it’s worth pointing out that code of this age is likely to have big issues when run in a modern PHP installation, as older versions of PHP would have assumed things like magic_quotes being in use. If you run the same code in a newer version of PHP you won’t have magic_quotes, so you should make sure the data is escaped properly.

    Looking at the whole code that you’ve got there, it looks like it’s trying to copy all the variables in the various HTTP_***_VARS arrays into the globlal scope. This is functionality that was done automatically in really old versions of PHP, but was dropped because it causes massive security issues. I seriously recommend dropping that whole bit of code and converting everying to use $_GET instead. You might want to google for register_globals for more info on why this is a bad thing.

    • 0