Posted by Norbert van Nobelen on 10/21/69 11:33
register_globals=on will result in a totally non-transparent way of variables
from a post being usable. For example: You post the variable tt_name with a
value, then echo $tt_name will show that value without you having to assign
it from the post.
It is not only insecure, it is also very bad coding practice.
On Thursday 01 December 2005 14:27, Matt Monaco wrote:
> As I learned recently, register_globals should always be off, you do not
> need it to enable GET and POST variables. I believe enabling it will do
> something like set $_POST["name"] to $name automatically (of course there's
> always the 90% chance that I'm absolutely wrong).
>
> You might want to see if your _GET variables are working correctly too.
> Try creating a simple page:
>
> <?php //testGet.php
> echo "TEST GET: <br>";
> var_dump($_GET);
> echo "<br>END TEST";
> ?>
>
> If you call the page like localhost/testGet.php?testVar=testString then
> there might be some security settings within your http server preventing
> this and you should check both your http access and error logs.
>
> "Fil" <fil_mat@dodo.com.au> wrote in message
> news:438E82FF.3050001@dodo.com.au...
>
> > Ladies and Gentlemen,
> >
> > Thank you for this opportunity of picking someone's brains before I tear
> > the place apart. I am just starting with PHP but have encountered an
> > insurmountable hurdle. I need to work through HTML form "posting"
> > examples to a PHP script. ONE STEP after "Hello World"
> >
> > I have taken the following steps:
> >
> > 1: My php.ini (The only one on the system ) is located in
> > /etc/php.ini
> >
> > Because I am using an above 4.1 version of PHP
> > I have manually altered the values of
> >
> > register_globals = On
> >
> > 2: I have repeatedly stopped and restarted Apache webserver.
> > (Version 2)
> >
> > 3. I have a "Hello World" HTML - > hello.php that loads and runs
> > successfully hence I have a valid Webserver PHP HTML connection with my
> > browser.
> >
> > 4. In "Hello World" I have taken the liberty of including a phpinfo()
> >
> > 5. The output of phpinfo() among others reveals:
> >
> > post_max_size 8M 8M
> > precision 14 14
> > register_argc_argv On On
> > register_globals On On
> > safe_mode Off Off
> >
> > 5. I should ???? be able to use GLOBALS ( even if this will become a
> > health hazard later on)
> >
> >
> > 6. I have used the two examples from PHP's Documentation.
> >
> > Literally cut and paste...
> >
> > "Action.html "
> >
> >> <html>
> >> <head>
> >> <meta content="text/html; charset=ISO-8859-1"
> >> http-equiv="content-type">
> >> <title>filsform</title>
> >> </head>
> >> <body>
> >> <div style="text-align: center;"><span
> >> style="text-decoration: underline;">Fils Form<br>
> >> <br>
> >> <br>
> >> </span>
> >> <div style="text-align: left;">
> >> <form action="action.php" method="post"> Name: <input name="name"
> >> type="text"><br>
> >>
> >> Email: <input name="email" type="text"><br>
> >> <input name="submit" value="Submit me!" type="submit"></form>
> >> <br>
> >> <span style="text-decoration: underline;"></span></div>
> >> </div>
> >> </body>
> >> </html>
> >
> > and action.php
> >
> >> <html>
> >> <head>
> >> <title>PHP Test</title>
> >> </head>
> >> <body>
> >> HI <?php echo $_POST['name']; ?>.
> >> Your email <?php echo $_POST['email']; ?>
> >> </body>
> >> </html>
> >
> > 7. After submitting "action.html" action.php loads and prints
> >
> > Hi
> > Your email
> >
> > The contents of $_POST['name'] and $_POST['email'] appear to be
> > unavailable to action.php. If I understand the documentation correctly
> > this should not be the case and whatever strings are filled in the form
> > of action.html should now be available???
> >
> > What or where or how or why or whatever ????? must I do next... ????
> >
> > Many thanks for those interested in advance
> >
> > Fil
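The behaviour described in the reply at the top, as an added example that is not part of the original thread: register_globals was removed in PHP 5.4, so `extract()` is used here to emulate it. The function names, the `authorized` flag and the sample requests are assumptions made for illustration.

```php
<?php
// Emulates what register_globals=On did: every request field becomes a
// variable in the script's scope before any script code runs.
// extract() stands in for the removed ini setting (assumption of this demo).

function check_access_with_register_globals(array $request, bool $passwordOk): string
{
    extract($request);            // request fields become local variables

    // Bug pattern: $authorized is only ever set to true, never initialised,
    // so a request field of the same name decides the outcome.
    if ($passwordOk) {
        $authorized = true;
    }
    return !empty($authorized) ? "granted" : "denied";
}

function check_access_explicit(array $request, bool $passwordOk): string
{
    $authorized = false;          // initialised by the script, not the client
    if ($passwordOk) {
        $authorized = true;
    }
    // Request data is only read by name from the array it arrived in,
    // and escaped before it is written into HTML output.
    $name = isset($request['tt_name']) ? (string) $request['tt_name'] : '';
    return ($authorized ? "granted" : "denied")
        . " for " . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}

// Constructed sample requests (not from the thread); the password check
// is forced to fail in both cases.
$normal   = ['tt_name' => 'Fil'];
$tampered = ['tt_name' => 'Fil', 'authorized' => '1'];

foreach (['normal' => $normal, 'tampered' => $tampered] as $label => $req) {
    printf(
        "%-8s register_globals-style: %s | explicit: %s\n",
        $label,
        check_access_with_register_globals($req, false),
        check_access_explicit($req, false)
    );
}
```

With the setting off, the extra `authorized` field stays inside `$_POST` as inert data, which is why reading `$_POST['name']` explicitly, as the quoted `action.php` does, is the form to keep.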