|PHP doen't take variables|
| 1:01 am on Jan 3, 2006 (gmt 0)|
(I hope it's the correct forum for this)
I've just moved to a new server. the problem is that the php files don't take the variables. (eg. domain.com/index.php?var=sth doesn't load var while $var=sth inside the .php file works perfectly)
Where I must seek the problem?
| 1:04 am on Jan 3, 2006 (gmt 0)|
I'd bet cash money that register_globals is "off" on your new server, and was "on" on the previous one.
Access your GET variables as $_GET['var']
| 2:04 am on Jan 3, 2006 (gmt 0)|
Thanks a lot for the point, and sorry for the delay; I was busy with a few files to change all.
Btw, is it any dangerous to set it to on in php.ini?
| 2:27 am on Jan 3, 2006 (gmt 0)|
Rather than expressing my own opinion, which is far from expert, I'll quote from php.net: "the directive itself isn't insecure but rather it's the misuse of it." (source [php.net])
According to everything I've read on it, it's much easier to write insecure scripts that rely on register_globals being on. Having it turned off requires that you access GET, POST, COOKIES, etc., by the GLOBAL array variables ($_GET, $_POST, and so forth), which forces you to expressly recognize where the variable's value is coming from.
With register_globals on, you can blithely use $admin, supposedly derived from the value of a cookie that you set when a user logged in as an admin, but a user can send ?admin=yes in the URL and $admin will now have the value "yes." You can see where that kind of thing can lead, I'm sure.
I keep it turned off on my own server.
| 2:30 am on Jan 3, 2006 (gmt 0)|
And "reading is always the best way, though not the easiest!"