Possible Duplicate:
Is using $GLOBALS['HTTP_GET_VARS'] deprecated?
Invalid arguements in php
I get the following response when I run script in a WAMP environment:
Warning: Invalid argument supplied for foreach() in
C:\wamp\www\GeCard\eCardScript_ecards\ecard_lib.php on line 17Warning: Invalid argument supplied for foreach() in
C:\wamp\www\GeCard\eCardScript_ecards\ecard_lib.php on line 21
This is my code:
function getPostGetVars() {
global $HTTP_POST_VARS,$HTTP_GET_VARS;
foreach ($HTTP_POST_VARS as $key => $value) { //This is line 17
global $$key;
$$key = $value;
}
foreach ($HTTP_GET_VARS as $key => $value) { //This is line 21
global $$key;
$$key = $value;
}
}
I am told that this code is deprecated. Can this piece of code be easily updated to eliminate the warnings?
Use
$_POSTand$_GETinstead of$HTTP_POST_VARSand$HTTP_GET_VARSrespectively.If you check the manual pages for
$_POSTand$_GET, you’ll see that their more verbose counterparts have been deprecated.I can’t help but notice what you are trying to do with this code essentially mirrors the function of
extract(). I would caution you from doing this because an attacker could rewrite essential variables (say$isLoggedIn) with a request and exploit the server. If you continue to do something like this I suggest usingextract()with a flag such asEXTR_PREFIX_ALLso that there are no collisions. You can prefix the get variables withget_and the post variable withpost_, for example.However, unless you truly know what you’re doing, using extract like this (or your method) is extremely dangerous in a production environment. I would advise against it completely and instead use the proper super globals to access the
$_GETand$_POSTvariables.See this post by Marc B on this vulnerability for more.