|
|
Posted by davidkruger on 07/27/07 15:30
On Jul 25, 2:10 pm, Jerim <wyo...@gmail.com> wrote:
> On Jul 25, 1:52 pm, Michael Fesser <neti...@gmx.de> wrote:
>
>
>
>
>
> > .oO(Jerim)
>
> > >I am working on some legacy code that has been through several hands
> > >over the years. The gist of it is that there is a "Register" button on
> > >our website, that goes to a redirect page, that then calls a page that
> > >displays our registration form. The URL the Register button uses
> > >includes passing a variable. For instance, lets say the URL is
> > >http://www.website.com/register.php?code=01
>
> > >The thing is that on register.php there is no POST, GET or SESSION
> > >anywhere. [...]
>
> > In older versions of PHP variables such variables were automatically
> > imported into the global scope. This was called register_globals.
> > Without any further action there would have been a global variable $code
> > with the value '01'.
>
> > In recent PHP this "feature" is disabled for security reasons, in PHP 6
> > it will be dropped completely.
>
> > Micha
>
> Micha, thank you so much. I turned on global variables and it worked.
> That should tell you how old the script is. I honestly hadn't given
> much thought to how global variables worked or what it controlled; so
> I learned something today. Thank you again.- Hide quoted text -
>
> - Show quoted text -
Just so you know, you may want to rewrite these scripts to not require
global variables be turned on. It is a security risk to have it
turned on.
Navigation:
[Reply to this message]
|