Why does the PHP universe do this?

Something odd, that I sort of have figured out. It’s an opportunity to learn something new and useful, but I’m not quite there yet.

I got XAMPP installed and up and running last month, that was great actually, pretty much exactly to plan as far as the instructions I found online. That, coupled to my lack of almost any memory of having to do much at all to install it, meant that whatever I did do, couldn’t have been much.

I tend not to re-start my computer too often, as these new modern OSes don’t crash every 12 hours or so (like they used to, for me). Maybe I haven’t rebooted since fiddling around with my PHP configuration so I can learn PHP, but I could have sworn I did.

In any case, what happened was that after installing OS X 10.6, I restarted the system and boom, my nice little page I’d been fiddling with on my local webserver had stopped working, and the XAMPP Welcome page that I’d gotten used to seeing was showing an error message itself.

The XAMPP page was showing up an error message in code for the examples file, where the variable $PHP_SELF was reported “not defined” on line 166.

My own work page came up with an error message relating to the MySQL userID/password not working. That was because I’d changed from requiring a password to not requiring one. I’ve since changed back, thank you, but I’m still not sure how you go about doing secure database access, especially when you’re writing web content.

The biggest problem was tracking down the source code file that had the issue–I had to use the Spotlight program on my MacBook, but grep would have worked too. I had written (as part of my education) a little script to start up a connection to the MySQL server, and I would never have remembered it in a log time; it would have taken me only slightly less time to actually read through the main script to find (and figure out the significance of) that script file.

But, that problem was easily solved; the XAMPP variable problem was a bit more problematic. But not much more: it turns out that when you have register_globals turned on, you can use things like $PHP_SELF as a pre-defined variable. When you set register_globals off, though, any program (like the XAMPP demo program that loads as part of the Welcome page) that uses $PHP_SELF (for example) will crap out.

So, if I were more confident in my coding ability, I would have remediated that particular variable assignment by making it correct. Perhaps I should say instead, if I knew how to do that kind of variable assignment correctly, I would have done so. Instead, I just set register_globals back on, and went about my business.

But why was register_globals set to off in the first place? Because, IIRC, the PHP book with which I was studying told me that they should be turned off–as does the ini.php configuration file itself, in comments:

; You should do your best to write your scripts so that they do not require
; register_globals to be on; Using form variables as globals can easily lead
; to possible security problems, if the code is not very well thought of.

In other words, on one hand, I’m told to turn it off, on the other, to turn it on. Can’t we all just get along and figure out which is right?

I know it should probably be turned off so you don’t get stuck, like I did, but then again, that demo program that failed, I didn’t write that–someone who should have known better did. That’s what grinds my gears.

But more important, my learning opportunity is simply figuring out how to declare that variable correctly, and fixing it in the code from XAMPP. I’ll try again, later.

This entry was posted in learning to program, PHP. Bookmark the permalink.