0

I have something like:

    if(isset($_POST['submit']))
    {
    $linktitle=strtolower(str_replace(" ","-",$title));

etc.

$linktitle and $title are actually variables from $_POST - ie $_POST['linktitle'] and $_POST['title']. Somehow, even though (as far as I can see!) I haven't extract()ed $_POST at this stage in the code, it is still working - PHP is understanding that $title is referring to $_POST['title']. Could anyone please explain why this might be?

Thanks!

ps. Sorry, but I really can't get this inline code quote formatting thing to work...!

Improve this question

3 Answers 3

Reset to default
3

register_globals is enabled in your PHP instance. See here for more info.

This is behaviour that should be relied upon as it's use is now deprecated. You will find that you can still use $_POST['keyname'] as well as $keyname, and that is what you should refer to in your code.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Your php.ini file must have register_globals enabled, so GPC variables are being added to the symbol table. This is why you see this behaviour. See the security risks of such a feature here

Improve this answer

Comments

1

You have register globals activated in your webserver (php.ini), so PHP replace the unknoe variables with the corresponding GET or POST value. This option is deprecated and dangerous! Disable it if you can!

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.