|
When a script starts, the initial values for global variables come from
one of several sources, in order of decreasing precedence:
- URL state
EXPORTed variables from the URL. - State table
EXPORTed variables from the state table. - Command line
Variables initialized on the command line.
- Environment
Environment variables set by the server, such as
$REMOTE_ADDR. - HTTP cookies
The value of any HTTP cookies sent by the Web client.
- URL
Ordinary URL variables given in the query string of the URL (i.e.
via the
GET method on a form, or EXPORT QUERY variables). - Content
Query-string style variables given in the content (i.e. the
POST method on a form). These could also be multipart MIME
variables from a form upload (p here).
These sources are checked in decreasing order: the first source that
has values for a given variable will be used. Only values from this
first (highest precedence) source will be used to initialize the
global variable. If none of these sources has a value for the
variable, it has no initial values.
Because of this ordering, lower-precedence values cannot override
higher ones when more than one source has values for the same
variable. An EXPORTed state variable will always have its
state value rather than the value from a form if both are given; the
form value is only used if no state was saved. An environment
variable like $REMOTE_ADDR will be used rather than a URL
variable of the same name. This helps prevent (un)intentional
manipulation of a script's variables by the Web client: more
"trusted" sources are used before less "trusted" ones.
This precedence ordering can be altered in EXPORTed variables
by using the USEROK flag (here). When an
EXPORT variable is flagged USEROK, the URL and Content
sources (i.e. form variables) have highest precedence, before the state
is checked.
Copyright © Thunderstone Software Last updated: Mon Feb 18 10:28:15 EST 2013
|