By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,285 Members | 1,635 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,285 IT Pros & Developers. It's quick & easy.

Variables problem

P: n/a
I recently upgraded my webserver from SuSE 8.1 to 8.2. Strange thing
happened. My php scripts are working only partially. When I do a call
something.php?st=100, I somehow lose that variable and next page doesn't
show nothing. Even form with POST method doesn't submit anything. It
does submit an empty form though...

Any ideas what's going on.

Thanks,
Boris
Jul 17 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
could be a register_globals problem

if register_globals is off now, ?st=100 will not be registered
automatically as $st=100 anymore.

instead it will be accessible through the $_POST array as $_POST['st'].

if that is the problem, rather change your scripts than switch on
register_globals, because register_globals off is a good thing to have
(security wise).

micha

Jul 17 '05 #2

P: n/a
One quick glance of an experienced eye allowed to understand the blurred
and almost unreadable micha's handwriting:
could be a register_globals problem

if register_globals is off now, ?st=100 will not be registered
automatically as $st=100 anymore.

instead it will be accessible through the $_POST array as $_POST['st'].
Nope, it'll be the $_GET array and $_GET['st']. :)
if that is the problem, rather change your scripts than switch on
register_globals, because register_globals off is a good thing to have
(security wise).


Agreed. Imagine you are using a global variable called "admin" set to
false unles a proper admin authorization occurs... Now, when you have
register_globals set to "on", you'll get this global var in the $admin
var AND ?anything=whatever will give you a global var $anything with
value "whatever".
Now imagine somebody doing this:

?admin=true

You will get the $admin var with "true" as value - but without any
authentication...
When register globals is off, you'll get your global var as
$GLOBALS['admin'] and the var from the address as $_GET['admin'] - no
security risk here. :)

Cheers
Mike

Jul 17 '05 #3

P: n/a
yes, the $_GET array. sorry.

micha

Jul 17 '05 #4

P: n/a
Micha? Wo?niak <mikiwoz_remove_this@yahoo_remove_this.co.uk> wrote:
Agreed. Imagine you are using a global variable called "admin" set to
false unles a proper admin authorization occurs...
Something like:

$admin=autheticate();
Now, when you have register_globals set to "on", you'll get this
global var in the $admin var AND ?anything=whatever will give you a
global var $anything with value "whatever". Now imagine somebody
doing this:

?admin=true

You will get the $admin var with "true" as value - but without any
authentication...


Nope, doens't change anything in the sample code above.

register_globals doens't protect from using uninitialized variables
at all.

You'd be right if the programmer was stupid enough to authenticate like:

if(authticate())
{
$admin=true;
}

But that would be caught by the proper error level reporting setting
during development.

Jul 17 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.