Posted by ECRIA Public Mail Buffer on 05/26/05 20:57
It should be noted that this is not an issue of PHP 4 versus 5, but rather
of different configurations (php.ini files).
You are able to access $ok and $cancel because they are automatically set as
global variables in your PHP 4 config. You should disable this - only
goodwill can stop me from submitting a form with a field called "query" set
to drop all your databases...
To do so, open your php.ini file (probably located in your PHP folder or
your Windows folder - on Windows) and change the line that reads:
register_globals = On
to
register_globals = Off
Now, you will not be able to access $ok or $cancel directly - instead, you can
access them through the $_GET or $_POST arrays (depending on your form
method). For example, if your form method is POST, then you can use this:
if (isset($_POST["ok"])) { /* something */ }
and
if (isset($_POST["cancel"])) { /* something else */ }
ECRIA
http://www.ecria.com
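
The behaviour described in the post, as an added example that is not part of the original message. register_globals was removed in PHP 5.4, so the first function emulates it with extract(); the handler names, the SELECT string and the sample request are constructed for illustration.

```php
<?php
// Emulates register_globals = On: every request field is injected as a
// variable before the script's own logic runs.
function handler_with_register_globals(array $request): string
{
    extract($request); // stands in for what the php.ini setting did

    if (isset($ok)) {
        $query = "SELECT name FROM items"; // only assigned on the "ok" path
    }

    // Defect: on any other path the script never initialised $query,
    // so a request field named "query" supplies its value.
    return isset($query) ? $query : "(no query)";
}

// register_globals = Off: fields are read explicitly from the request
// array and every variable the script relies on is initialised by it.
function handler_with_superglobals(array $post): string
{
    $query = "(no query)";
    if (isset($post["ok"])) {
        $query = "SELECT name FROM items";
    } elseif (isset($post["cancel"])) {
        $query = "(cancelled)";
    }
    return $query; // the client's "query" field is never consulted
}

// Constructed request: the "cancel" button plus an extra field the form
// never contained.
$request = ["cancel" => "1", "query" => "CLIENT-SUPPLIED TEXT"];

echo "register_globals style: ", handler_with_register_globals($request), "\n";
echo "superglobal style:      ", handler_with_superglobals($request), "\n";

// On old installations the live setting can be checked at runtime;
// ini_get() returns false where the directive no longer exists.
$setting = ini_get("register_globals");
echo "register_globals is ", ($setting ? "ON" : "off or not present"), "\n";
```

In a real script, handler_with_superglobals would be passed $_POST (or $_GET, depending on the form method).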