Why wasn't $_GET needed here to access the passed value?

[doug]

In the book I'm reading there is the following example, which works. Let's say this is in button.php:

<?php  $font = 'times';  if (!$size) $size = 12;  $im = ImageCreateFromPNG('button.png');  // calculate position of text  $tsize = ImageTTFBBox($size,0,$font,$text);  $dx = abs($tsize[2]-$tsize[0]);  $dy = abs($tsize[5]-$tsize[3]);  $x = ( ImageSx($im) - $dx ) / 2;  $y = ( ImageSy($im) - $dy ) / 2 + $dy;  // draw text  $black = ImageColorAllocate($im,0,0,0);  ImageTTFText($im, $size, 0, $x, $y, $black, $font, $text);  header('Content-Type: image/png');  ImagePNG($im); ?> 

The text parameter is passed in the URL as follows:http://thedomain.com/button.php?text=the+buttonMy question is, why does this work? Why didn't I have to have a line:$text = $_GET['text'];in order to grab the parameter from the URL?Isn't it dangerous to allow variables to just be set like that in the URL?doug

[boen_robot]

It's a PHP setting called Register Globals, and you're right - it's dangerous. If your host doesn't allow you to turn it off, you can turn off yourself by using the second of those scripts.

[killboy]

By the way, Register Globals will be off on PHP 6 for what boen_robot said. So you better get used to use the $_GET; it's the practice too.

[jhecht]

IT works because whoever wrote that script is not the brightest knife in the drawer.