homepage Welcome to WebmasterWorld Guest from 50.17.21.7
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
PHP doen't take variables
Jay27




msg:1276156
 1:01 am on Jan 3, 2006 (gmt 0)

(I hope it's the correct forum for this)

I've just moved to a new server. the problem is that the php files don't take the variables. (eg. domain.com/index.php?var=sth doesn't load var while $var=sth inside the .php file works perfectly)
Where I must seek the problem?

 

sonjay




msg:1276157
 1:04 am on Jan 3, 2006 (gmt 0)

I'd bet cash money that register_globals is "off" on your new server, and was "on" on the previous one.

Access your GET variables as $_GET['var']

Jay27




msg:1276158
 2:04 am on Jan 3, 2006 (gmt 0)

Thanks a lot for the point, and sorry for the delay; I was busy with a few files to change all.

Btw, is it any dangerous to set it to on in php.ini?

sonjay




msg:1276159
 2:27 am on Jan 3, 2006 (gmt 0)

Rather than expressing my own opinion, which is far from expert, I'll quote from php.net: "the directive itself isn't insecure but rather it's the misuse of it." (source [php.net])

According to everything I've read on it, it's much easier to write insecure scripts that rely on register_globals being on. Having it turned off requires that you access GET, POST, COOKIES, etc., by the GLOBAL array variables ($_GET, $_POST, and so forth), which forces you to expressly recognize where the variable's value is coming from.

With register_globals on, you can blithely use $admin, supposedly derived from the value of a cookie that you set when a user logged in as an admin, but a user can send ?admin=yes in the URL and $admin will now have the value "yes." You can see where that kind of thing can lead, I'm sure.

I keep it turned off on my own server.

Jay27




msg:1276160
 2:30 am on Jan 3, 2006 (gmt 0)

Thanks again.

And "reading is always the best way, though not the easiest!"

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved