parameters in URL not readable

ge************@gmail.com wrote:

Hi,

I transfered one of my websites to another provider because I was
asked to do that.
The problem I have is it seems like the parameters after the ? are not
readable in the page.
Whereever I make an echo on that page there is nothing happening.
php 5.0.5 is on the server

Is there anyone who can help me?

Check register_globals, and print_r($_GET).
Are they there?
--
Rik Wasmus

>
Check register_globals, and print_r($_GET).
Are they there?
--
Rik Wasmus

Yes it is there.

Geoff

ge************@gmail.com wrote:

>Check register_globals, and print_r($_GET).
Are they there?

Yes it is there.

http://www.php.net/manual/en/securit...terglobals.php
--
Rik Wasmus

Rik wrote:

ge************@gmail.com wrote:

Check register_globals, and print_r($_GET).
Are they there?

Yes it is there.

http://www.php.net/manual/en/securit...terglobals.php
--
Rik Wasmus

Is there a way to get a fast solution?
otherwise i have to change a lot.

Geoff wrote:

Rik wrote:

>ge************@gmail.com wrote:

>>>Check register_globals, and print_r($_GET).
Are they there?

Yes it is there.

http://www.php.net/manual/en/securit...terglobals.php

Is there a way to get a fast solution?
otherwise i have to change a lot.

I urge you to fix this, but in the mean while:
extract($_GET);
--
Rik Wasmus

>

I urge you to fix this, but in the mean while:
extract($_GET);
--
Rik Wasmus

What is the new way to do this?
I've read through the link you gave me but it isn't completely clear to
me.

Geoff

Geoff wrote:

>I urge you to fix this, but in the mean while:
extract($_GET);

What is the new way to do this?
I've read through the link you gave me but it isn't completely clear
to me.

1. All variables from a GET request are in the $_GET-array. This will make
sure that they don't 'infect' used variables.
2. When using a $_GET variable, first make sure it's a type you expect.
(for instance:
$id = intval($_GET['id']);//make sure it's an integer
$name = preg_replace('/^[a-z0-9]/i','',$_GET['name']);//only
alphanumeric characters)
3. Use validated variables as you would like.
The main reason is that (sloppy) code with uninitialized variables can be
influenced with either GET or POST request resulting in unexpected and/or
undesireable results. Alwaus make sure you:
a: initiliaze all variables.
b: no outside variables are used for anything without a proper type-check
first.
--
Grtz,

Rik Wasmus

Thank you

Rik wrote:

Geoff wrote:

I urge you to fix this, but in the mean while:
extract($_GET);

What is the new way to do this?
I've read through the link you gave me but it isn't completely clear
to me.

1. All variables from a GET request are in the $_GET-array. This will make
sure that they don't 'infect' used variables.
2. When using a $_GET variable, first make sure it's a type you expect.
(for instance:
$id = intval($_GET['id']);//make sure it's an integer
$name = preg_replace('/^[a-z0-9]/i','',$_GET['name']);//only
alphanumeric characters)
3. Use validated variables as you would like.
The main reason is that (sloppy) code with uninitialized variables can be
influenced with either GET or POST request resulting in unexpected and/or
undesireable results. Alwaus make sure you:
a: initiliaze all variables.
b: no outside variables are used for anything without a proper type-check
first.
--
Grtz,

Rik Wasmus

Geoff wrote:

>I urge you to fix this, but in the mean while:
extract($_GET);
--
Rik Wasmus

What is the new way to do this?
I've read through the link you gave me but it isn't completely clear to
me.

Geoff

Quick and dirty:

Use a text editor to include a script at the very beginning of every php
file:

<?php
include 'extractor.php';
?>

Put this in extractor.php

<?php
if (is_array($_GET))
{
foreach ($_GET as $xxkey =$xxvalue)
{
$$xxkey = $xxvalue;
}
}
?>

(Note: 'xx' is added to the var name to try and keep the var names
unique, otherwise, if you have passed a GET variable with the same name
($key or $value), it would be overwritten by the next iteration of the
foreach.)

This should get you working, but then I advise you to go back and add
some real injection prevention functions at the beginning of routines
that need them.

--
*****************************
Chuck Anderson • Boulder, CO
http://www.CycleTourist.com
*****************************

Chuck Anderson wrote:

Geoff wrote:

>>I urge you to fix this, but in the mean while:
extract($_GET);
--
Rik Wasmus

What is the new way to do this?
I've read through the link you gave me but it isn't completely clear to
me.

Geoff

Quick and dirty:

Use a text editor to include a script at the very beginning of every php
file:

<?php
include 'extractor.php';
?>

Put this in extractor.php

<?php
if (is_array($_GET))
{
foreach ($_GET as $xxkey =$xxvalue)
{
$$xxkey = $xxvalue;
}
}
?>

(Note: 'xx' is added to the var name to try and keep the var names
unique, otherwise, if you have passed a GET variable with the same name
($key or $value), it would be overwritten by the next iteration of the
foreach.)

This should get you working, but then I advise you to go back and add
some real injection prevention functions at the beginning of routines
that need them.

This looks to me like a clumsy way of emulating 'extract($_GET)', as
suggested by Rik. Are you claiming some advantage to doing it this way?

Colin