Msg#: 4756 posted 12:25 pm on Aug 16, 2004 (gmt 0)
The following piece of code is a cutdown example that demonstrates the problem. I run Linux on my desktop and I have apache and php running via the loopback interface 127.0.0.1. When I run this program on the desktop it just results in the page being reloaded and there is no attempt to load ch.php
However when I upload it to a live web server which is running under BSD it DOES work as expected.
I presume there is something wrong with my set up can anyone help as this is a part of an application that HAS to run on the desktop.
$submitj is $_POST variable ($_POST['submitj']), and if it's working like this on your remote server, it means that the server's configured with register_globals = on, whereas your local site has register_globals = off.
A setting of 'on' would allowed $submitj to be available directly, and not just through the $_POST array.
If this is the case, which I suspect it is, it's a poor choice by your web host. Globals on, especially on a live site, is a dangerous security issue; update your scripts accordingly.
First, I completely agree that you should turn off register globals which may or may not cause security issues, depending on how the script is built, but it definitely can lead to bad code, and, as you have seen, unexpected results. Rewrite the scripts. As Chris Shifflet said in his OSCon presentation (Google for it if you want some good reading on PHP security), Register Globals "is not a security vulnerability, but it is a risk and a bad practice."
Now, stepping down from the pulpit... if for some reason you absolutely cannot rewrite the script, you can get it running by turning register_globals on by putting this in a .htaccess