Improved register_globals

pages/account/54.php

@@ -16,10 +16,10 @@
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
 <? 
-	$ccid = intval($_REQUEST['ccid']);
-	$regid = intval($_REQUEST['regid']);
-	$locid = intval($_REQUEST['locid']);
-	$name = mysql_escape_string($_REQUEST['name']);
+	$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
+	$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
+	$locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
+	$name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):"";
 
 	if($ccid > 0 && $_REQUEST['action'] == "add") { ?>
 <form method="post" action="account.php">
@@ -73,11 +73,11 @@
   </tr>
   <tr>
     <td class="DataTD"><?=_("Longitude")?>:</td>
-    <td class="DataTD"><input type="text" name="longitude" value="<?=sanitizeHTML($_REQUEST['longitude'])?>"></td>
+    <td class="DataTD"><input type="text" name="longitude" value="<?=array_key_exists('longitude',$_REQUEST)?sanitizeHTML($_REQUEST['longitude']):""?>"></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Latitude")?>:</td>
-    <td class="DataTD"><input type="text" name="latitude" value="<?=sanitizeHTML($_REQUEST['latitude'])?>"></td>
+    <td class="DataTD"><input type="text" name="latitude" value="<?=array_key_exists('latitude',$_REQUEST)?sanitizeHTML($_REQUEST['latitude']):""?>"></td>
   </tr>
   <tr>
     <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
@@ -93,9 +93,9 @@
 
 	if($name == "")
 		$name = $row['name'];
-	if($_REQUEST['longitude'] == "")
+	if(!array_key_exists('longitude',$_REQUEST) || $_REQUEST['longitude'] == "")
 		$_REQUEST['longitude'] = $row['long'];
-	if($_REQUEST['latitude'] == "")
+	if(!array_key_exists('latitude',$_REQUEST) || $_REQUEST['latitude'] == "")
 		$_REQUEST['latitude'] = $row['lat'];
 ?>
 <form method="post" action="account.php">