1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 9:31 pm Apr 28, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Different results with different systems

Why doesn't this work over the loopback?

         

neiljones

12:25 pm on Aug 16, 2004 (gmt 0)

10+ Year Member



The following piece of code is a cutdown example that demonstrates the problem. I run Linux on my desktop and I have apache and php running via the loopback interface 127.0.0.1.
When I run this program on the desktop it just results in the page being reloaded and there is no attempt to load ch.php

However when I upload it to a live web server which is running under BSD it DOES work as expected.

I presume there is something wrong with my set up
can anyone help as this is a part of an application that HAS to run on the desktop.

<?
if ($submitj)
{

header("Location: ch.php");
}else{

print "<img src=\"dscn4727.jpg\">";

?>

<form method="post" action="">

<input name="entry" type="text" maxlength="90" class="textbox"
size="30" value="<?php echo $entry;?>" >
<input type="Submit" name="submitj" value="Enter Information">
</form>

<?
}
?>
</body>
</html>

Warboss Alex

2:37 pm on Aug 16, 2004 (gmt 0)

10+ Year Member



$submitj is $_POST variable ($_POST['submitj']), and if it's working like this on your remote server, it means that the server's configured with register_globals = on, whereas your local site has register_globals = off.

A setting of 'on' would allowed $submitj to be available directly, and not just through the $_POST array.

If this is the case, which I suspect it is, it's a poor choice by your web host. Globals on, especially on a live site, is a dangerous security issue; update your scripts accordingly.

ergophobe

3:53 pm on Aug 17, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



First, I completely agree that you should turn off register globals which may or may not cause security issues, depending on how the script is built, but it definitely can lead to bad code, and, as you have seen, unexpected results. Rewrite the scripts. As Chris Shifflet said in his OSCon presentation (Google for it if you want some good reading on PHP security), Register Globals "is not a security vulnerability, but it is a risk and a bad practice."

Now, stepping down from the pulpit... if for some reason you absolutely cannot rewrite the script, you can get it running by turning register_globals on by putting this in a .htaccess

php_flag register_globals On

Tom

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 9:31 pm Apr 28, 2026