Forum Moderators: coopster & jatar k

PHP doesn't take variables



1:01 am on Jan 3, 2006 (gmt 0)

10+ Year Member

(I hope it's the correct forum for this)

I've just moved to a new server. The problem is that the PHP files don't take the variables (e.g. domain.com/index.php?var=sth doesn't load var, while $var=sth inside the .php file works perfectly).
Where must I seek the problem?


1:04 am on Jan 3, 2006 (gmt 0)

10+ Year Member

I'd bet cash money that register_globals is "off" on your new server, and was "on" on the previous one.

Access your GET variables as $_GET['var']


2:04 am on Jan 3, 2006 (gmt 0)

10+ Year Member

Thanks a lot for the point, and sorry for the delay; I was busy with a few files to change all.

Btw, is it at all dangerous to set it to on in php.ini?


2:27 am on Jan 3, 2006 (gmt 0)

10+ Year Member

Rather than expressing my own opinion, which is far from expert, I'll quote from php.net: "the directive itself isn't insecure but rather it's the misuse of it." (source [php.net])

According to everything I've read on it, it's much easier to write insecure scripts that rely on register_globals being on. Having it turned off requires that you access GET, POST, COOKIES, etc., by the GLOBAL array variables ($_GET, $_POST, and so forth), which forces you to expressly recognize where the variable's value is coming from.

With register_globals on, you can blithely use $admin, supposedly derived from the value of a cookie that you set when a user logged in as an admin, but a user can send ?admin=yes in the URL and $admin will now have the value "yes." You can see where that kind of thing can lead, I'm sure.

I keep it turned off on my own server.
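
The $admin scenario from the post above, as an added example that is not part of the original thread. register_globals no longer exists in current PHP (it was removed in 5.4), so its effect is emulated with extract(); the function names, the 'is_admin' session key and the sample request are assumptions made for illustration.

```php
<?php
// Added example: emulates register_globals with extract(), which copies
// array keys into variables the same way the old directive did for
// request parameters. All names below are hypothetical.

// Pattern that relies on register_globals: $admin is never initialised,
// so whatever the request injected is still there when it is checked.
function is_admin_relying_on_globals(array $get, array $session): bool
{
    extract($get, EXTR_SKIP);          // emulated: ?admin=yes becomes $admin

    if (!empty($session['is_admin'])) {
        $admin = 'yes';                // the only place the script sets it
    }
    return isset($admin) && $admin === 'yes';
}

// Same logic, but the variable is initialised before use. This is safe
// even with request parameters injected into scope.
function is_admin_initialised(array $get, array $session): bool
{
    extract($get, EXTR_SKIP);          // emulated register_globals, still on

    $admin = 'no';                     // explicit default overwrites injection
    if (!empty($session['is_admin'])) {
        $admin = 'yes';
    }
    return $admin === 'yes';
}

// register_globals off: the source of every value is named explicitly and
// the privilege decision reads server-side state only.
function is_admin_explicit(array $get, array $session): bool
{
    return isset($session['is_admin']) && $session['is_admin'] === true;
}

// Constructed sample input: an anonymous visitor requesting ?admin=yes
$get     = ['admin' => 'yes'];
$session = [];

foreach (['is_admin_relying_on_globals', 'is_admin_initialised', 'is_admin_explicit'] as $check) {
    echo str_pad($check, 30), ' => ';
    var_dump($check($get, $session));
}
```

Only the first function treats the anonymous visitor as an admin; the other two show the two fixes the thread points at, initialising variables before use and reading from the named superglobal.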


2:30 am on Jan 3, 2006 (gmt 0)

10+ Year Member

Thanks again.

And "reading is always the best way, though not the easiest!"

