From 9ec7249d5744ce41c6a3649b23d6fe524549adf7 Mon Sep 17 00:00:00 2001
From: Maciej Sobaczewski <sobak@php.net>
Date: Sat, 17 May 2014 05:08:40 +0000
Subject: [PATCH] Rewritten to focus on currently supported methods of
 accessing user input

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@333549 c90b9560-bf6c-de11-be94-00142212c4b1
---
 language/variables.xml | 133 +++++++++++++++++++++++++----------------
 1 file changed, 82 insertions(+), 51 deletions(-)

diff --git a/language/variables.xml b/language/variables.xml
index 37c5a7f0f9..f205d5edcd 100644
--- a/language/variables.xml
+++ b/language/variables.xml
@@ -813,8 +813,8 @@ I am B.
 
     <simpara>
      When a form is submitted to a PHP script, the information from 
-     that form is automatically made available to the script.  There 
-     are many ways to access this information, for example:
+     that form is automatically made available to the script. There 
+     are few ways to access this information, for example:
     </simpara>
 
     <para>
@@ -833,58 +833,59 @@ I am B.
     </para>
 
     <para>
-     Depending on your particular setup and personal preferences, there 
-     are many ways to access data from your HTML forms.  Some examples are:
+     As of PHP 5.4.0, there are only two ways to access data from your HTML forms.
+     Currently availiable methods are listed below:
     </para>
 
-    <!-- FIXME PHP_6 register_long_arrays removal alert -->
     <para>
      <example>
       <title>Accessing data from a simple POST HTML form</title>
       <programlisting role="php">
 <![CDATA[
-<?php 
-// Available since PHP 4.1.0
+<?php
+echo $_POST['username'];
+echo $_REQUEST['username'];
+?>
+]]>
+      </programlisting>
+     </example>
+    </para>
 
-   echo $_POST['username'];
-   echo $_REQUEST['username'];
+    <para>
+     There were some other ways of accessing user input in old PHP versions. There
+     are listed below. See changelog at the bottom of the page for more details.
+     <example>
+      <title>Old methods of accessing user input</title>
+      <programlisting role="php">
+<![CDATA[
+<?php
+// WATCH OUT: these methods ARE NOT supported anymore.
+// Valid ones were described above.
 
+// Using import_request_variables() - this function has been removed in PHP 5.4.0
    import_request_variables('p', 'p_');
    echo $p_username;
 
-// As of PHP 5.0.0, these long predefined variables can be
-// disabled with the register_long_arrays directive.
-
+// These long predefined variables were removed in PHP 5.4.0
    echo $HTTP_POST_VARS['username'];
 
-// Available if the PHP directive register_globals = on. As of 
-// PHP 4.2.0 the default value of register_globals = off.
-// Using/relying on this method is not preferred.
-
+// Using register_globals. This feature was removed in PHP 5.4.0
    echo $username;
 ?>
 ]]>
       </programlisting>
      </example>
     </para>
+
     <para>
      Using a GET form is similar except you'll use the appropriate
      GET predefined variable instead. GET also applies to the
      <literal>QUERY_STRING</literal> (the information after the '?' in a URL).  So,
      for example, <literal>http://www.example.com/test.php?id=3</literal>
      contains GET data which is accessible with <varname>$_GET['id']</varname>.
-     See also <varname>$_REQUEST</varname> and 
-     <function>import_request_variables</function>.
+     See also <varname>$_REQUEST</varname>.
     </para>
 
-    <note>
-     <para>
-      <link linkend="language.variables.superglobals">Superglobal arrays</link>, 
-      like <varname>$_POST</varname> and <varname>$_GET</varname>, became 
-      available in PHP 4.1.0
-     </para>
-    </note>
-
     <note>
      <para>
       Dots and spaces in variable names are converted to underscores. For
@@ -893,27 +894,6 @@ I am B.
      </para>
     </note>
 
-    <para>
-     As shown, before PHP 4.2.0 the default value for <link
-     linkend="ini.register-globals">register_globals</link>
-     was <emphasis>on</emphasis>.  The PHP 
-     community is encouraging all to not rely on this directive 
-     as it's preferred to assume it's <emphasis>off</emphasis> and code 
-     accordingly.
-    </para>
-
-    <note>
-     <para>
-      The <link linkend="ini.magic-quotes-gpc">magic_quotes_gpc</link> 
-      configuration directive affects Get, Post and Cookie values.  If 
-      turned on, value (It's "PHP!") will automagically become (It\'s \"PHP!\").
-      It was deemed that this was needed for escaping for DB insertion circa a
-      decade ago and is a legacy feature now that should be disabled. See also
-      <function>addslashes</function>, <function>stripslashes</function> and 
-      <link linkend="ini.magic-quotes-sybase">magic_quotes_sybase</link>.
-     </para>
-    </note>
-    
     <simpara>
      PHP also understands arrays in the context of form variables 
      (see the <link linkend="faq.html">related faq</link>).  You may, 
@@ -994,9 +974,8 @@ if ($_POST) {
      any output is sent to the browser.  This is the same restriction
      as for the <function>header</function> function.  Cookie data 
      is then available in the appropriate cookie data arrays, such 
-     as <varname>$_COOKIE</varname>, <varname>$HTTP_COOKIE_VARS</varname> 
-     as well as in <varname>$_REQUEST</varname>.  See the 
-     <function>setcookie</function> manual page for more details and 
+     as <varname>$_COOKIE</varname> as well as in <varname>$_REQUEST</varname>.
+     See the <function>setcookie</function> manual page for more details and 
      examples.
     </simpara>
 
@@ -1095,8 +1074,60 @@ $varname.ext;  /* invalid variable name */
     </para>
    </sect2>
 
+   <sect2 xml:id="language.variables.external.changelog">
+    <title>Changelog</title>
+
+    <para>
+     <informaltable>
+      <tgroup cols="2">
+       <thead>
+        <row>
+         <entry>&Version;</entry>
+         <entry>&Description;</entry>
+        </row>
+       </thead>
+       <tbody>
+        <row>
+         <entry>5.4.0</entry>
+         <entry>
+          <link linkend="security.globals">Register Globals</link>, 
+          <link linkend="security.magicquotes">Magic Quotes</link> and
+          <link linkend="ini.register-long-arrays">register_long_arrays</link>
+          has been removed
+         </entry>
+        </row>
+        <row>
+         <entry>5.3.0</entry>
+         <entry>
+          <link linkend="security.globals">Register Globals</link>, 
+          <link linkend="security.magicquotes">Magic Quotes</link> and
+          <link linkend="ini.register-long-arrays">register_long_arrays</link>
+          became deprecated
+         </entry>
+        </row>
+        <row>
+         <entry>4.2.0</entry>
+         <entry>
+          <link linkend="ini.register-globals">register_globals</link>
+          directive defaults to <emphasis>off</emphasis>.
+         </entry>
+        </row>
+        <row>
+         <entry>4.1.0</entry>
+         <entry>
+          <link linkend="language.variables.superglobals">Superglobal arrays</link>, 
+          like <varname>$_POST</varname> and <varname>$_GET</varname> became 
+          available
+         </entry>
+        </row>
+       </tbody>
+      </tgroup>
+     </informaltable>
+    </para>
+   </sect2>
+
   </sect1>
-     
+
  </chapter>
  
 <!-- Keep this comment at the end of the file