Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Different results with different systems

Why doesn't this work over the loopback?

12:25 pm on Aug 16, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:June 14, 2003
votes: 0

The following piece of code is a cutdown example that demonstrates the problem. I run Linux on my desktop and I have apache and php running via the loopback interface
When I run this program on the desktop it just results in the page being reloaded and there is no attempt to load ch.php

However when I upload it to a live web server which is running under BSD it DOES work as expected.

I presume there is something wrong with my set up
can anyone help as this is a part of an application that HAS to run on the desktop.

if ($submitj)

header("Location: ch.php");

print "<img src=\"dscn4727.jpg\">";


<form method="post" action="">

<input name="entry" type="text" maxlength="90" class="textbox"
size="30" value="<?php echo $entry;?>" >
<input type="Submit" name="submitj" value="Enter Information">


2:37 pm on Aug 16, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 1, 2004
votes: 0

$submitj is $_POST variable ($_POST['submitj']), and if it's working like this on your remote server, it means that the server's configured with register_globals = on, whereas your local site has register_globals = off.

A setting of 'on' would allowed $submitj to be available directly, and not just through the $_POST array.

If this is the case, which I suspect it is, it's a poor choice by your web host. Globals on, especially on a live site, is a dangerous security issue; update your scripts accordingly.

3:53 pm on Aug 17, 2004 (gmt 0)


WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 25, 2002
votes: 180

First, I completely agree that you should turn off register globals which may or may not cause security issues, depending on how the script is built, but it definitely can lead to bad code, and, as you have seen, unexpected results. Rewrite the scripts. As Chris Shifflet said in his OSCon presentation (Google for it if you want some good reading on PHP security), Register Globals "is not a security vulnerability, but it is a risk and a bad practice."

Now, stepping down from the pulpit... if for some reason you absolutely cannot rewrite the script, you can get it running by turning register_globals on by putting this in a .htaccess

php_flag register_globals On