Posted by Harrie Verveer on 07/18/07 10:04

Hi Bob,

this means that the 'register globals' setting is 'off', which is a good
thing. Using variables the way you do in the example (possible when
register globals is 'on') can cause serious security issues (because you
can set any PHP variable through the get/post-vars - which might change
the behaviour of your script).

The proper (and far more secure) way is to use the $_GET superglobal or
$_REQUEST superglobal:

<?php echo $_GET['folder']; ?>

or:

<?php
$folder = $_GET['folder'];
$navColor = $_GET['navColor'];

echo $folder;
echo $navColor;
?>

or something like that :)

More info:
http://www.php.net/register_globals

Kind regards,

Harrie Verveer
---
http://www.ibuildings.nl/blog/authors/Harrie-Verveer


Bob Bruyn wrote:
> I've recently installed Apache 2 and php 5.2 on my WIndows XP
> machine. Everything is up and running.
>
> I'm passing some vars via the URL. It works fine online:
> http://www.torusdesign.nl/spry/test.php?folder=schilderijen/vrij_werk&navColor=SchilderijenNAV
>
> This is the code:
> <?php echo $folder; ?>
> <?php echo $navColor; ?>
>
> The problem is that when I test it locally I get an error that the
> variable in undefined.
> Notice: Undefined variable: folder in F:\WEBSERVER\Apache2\htdocs\sonja
> \test.php on line 14
> Notice: Undefined variable: folder in F:\WEBSERVER\Apache2\htdocs\sonja
> \test.php on line 15
> Notice: Undefined variable: navColor in F:\WEBSERVER\Apache2\htdocs
> \sonja\test.php on line 32
>
> Can someone please help me out. Is there something wrong with my local
> php configuration?
>
> PS. You'll notice the Hello World at the top. That does work locally.
> (if that's any help)
>
>

[Back to original message]