1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Windows PHP problem (possibly config)

Discussion in 'Software' started by eaterofpies, 8 Jun 2003.

  1. eaterofpies

    eaterofpies What's a Dremel?

    Joined:
    12 Feb 2002
    Posts:
    1,745
    Likes Received:
    0
    its taken me about 2 weeks but ive got php apache and mysql installed and i thought it was all ok until i found this problem

    if i stick this in the address bar
    www.eaterofpies.co.uk/bob.php?page=wibble
    then according to my mate $page should now contain wibble but $page isnt even set

    any ideas?

    EDIT if i request a page with phpinfo() in like this
    phpinfo.php?bob=wibble

    under the variables section i get
    _REQUEST["bob"] wibble
    _GET["bob"] wibble

    so i think its working . . . just not on my page
     
    Last edited: 8 Jun 2003
    eaterofpies, 8 Jun 2003
    #1
  2. bradford010

    bradford010 Bradon Frohman

    Joined:
    7 Dec 2001
    Posts:
    3,426
    Likes Received:
    0
    Congratulations, you've just stumbled over a fundamental concept of secure PHP programming ;)

    When using 'file.php?foo=bar' $foo did used to be set to bar in the script file.php.

    However in one of the (relatively) recent PHP releases, register globals is set to off by default (in the file php.ini).

    This means that you have to refer to your variables using either $_GET["foo"] (if $foo is appended to the URL string) or $_POST["foo"] (if $foo was passed in through a form submitted using the POST method).


    You can get it to work the way you want by setting register globals to on in php.ini, but this is strongly discouraged.

    For example if you were passing variables in using the form/POST method, they could be over ridden without too much effort (if register globals was on) by someone passing malicious values in through the URL string using the same variable names.

    :)
     
    bradford010, 8 Jun 2003
    #2
  3. eaterofpies

    eaterofpies What's a Dremel?

    Joined:
    12 Feb 2002
    Posts:
    1,745
    Likes Received:
    0
    cheers for telling me why it wont work and im damn glad i dont need to reinstall / compile everything again. i can actually try the get thing yet cos i decided to work on the case that my server was in :hehe: decided it was time my flightcase pc type thing had a switch on the outside and a rj45 port as i was fed up with it being open
     
    eaterofpies, 8 Jun 2003
    #3
  4. RTT

    RTT #parp

    Joined:
    12 Mar 2001
    Posts:
    14,120
    Likes Received:
    74
    one thing, don't bother with using the ""s in $_POST["variable"];

    eg -
    echo "$_POST["variable"]";


    $_POST[variable] will do fine, and won't confuse php with the extra ""s...

    if that makes sense :p many times people post php problems and it's down to the extra ""/'' usage
     
    RTT, 8 Jun 2003
    #4
  5. Bogomip

    Bogomip ... Yo Momma

    Joined:
    15 Jun 2002
    Posts:
    5,164
    Likes Received:
    40
    i disagree, register globals has been incredibly useful to me, and if your careful u can take steps in your code to make sure it isnt maltreated, i.e. in all of my scripts, all the user would get by messin with them is a script which wont work!
     
    Bogomip, 9 Jun 2003
    #5
  6. bradford010

    bradford010 Bradon Frohman

    Joined:
    7 Dec 2001
    Posts:
    3,426
    Likes Received:
    0
    lol, then you're not really disagreeing with me, you're disagreeing with most of the PHP community.

    In addition to that, programmers don't necessarily have access to their .ini file to turn it back on.
     
    bradford010, 9 Jun 2003
    #6
Tags:

Share This Page