|Different results with different systems|
Why doesn't this work over the loopback?
| 12:25 pm on Aug 16, 2004 (gmt 0)|
The following piece of code is a cutdown example that demonstrates the problem. I run Linux on my desktop and I have apache and php running via the loopback interface 127.0.0.1.
When I run this program on the desktop it just results in the page being reloaded and there is no attempt to load ch.php
However when I upload it to a live web server which is running under BSD it DOES work as expected.
I presume there is something wrong with my set up
can anyone help as this is a part of an application that HAS to run on the desktop.
print "<img src=\"dscn4727.jpg\">";
<form method="post" action="">
<input name="entry" type="text" maxlength="90" class="textbox"
size="30" value="<?php echo $entry;?>" >
<input type="Submit" name="submitj" value="Enter Information">
| 2:37 pm on Aug 16, 2004 (gmt 0)|
$submitj is $_POST variable ($_POST['submitj']), and if it's working like this on your remote server, it means that the server's configured with register_globals = on, whereas your local site has register_globals = off.
A setting of 'on' would allowed $submitj to be available directly, and not just through the $_POST array.
If this is the case, which I suspect it is, it's a poor choice by your web host. Globals on, especially on a live site, is a dangerous security issue; update your scripts accordingly.
| 3:53 pm on Aug 17, 2004 (gmt 0)|
First, I completely agree that you should turn off register globals which may or may not cause security issues, depending on how the script is built, but it definitely can lead to bad code, and, as you have seen, unexpected results. Rewrite the scripts. As Chris Shifflet said in his OSCon presentation (Google for it if you want some good reading on PHP security), Register Globals "is not a security vulnerability, but it is a risk and a bad practice."
Now, stepping down from the pulpit... if for some reason you absolutely cannot rewrite the script, you can get it running by turning register_globals on by putting this in a .htaccess
php_flag register_globals On