468,289 Members | 1,867 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,289 developers. It's quick & easy.

parameters in URL not readable

Hi,

I transfered one of my websites to another provider because I was asked
to do that.
The problem I have is it seems like the parameters after the ? are not
readable in the page.
Whereever I make an echo on that page there is nothing happening.
php 5.0.5 is on the server

Is there anyone who can help me?

Best regards,

Geoff

Oct 25 '06 #1
10 1469
Rik
ge************@gmail.com wrote:
Hi,

I transfered one of my websites to another provider because I was
asked to do that.
The problem I have is it seems like the parameters after the ? are not
readable in the page.
Whereever I make an echo on that page there is nothing happening.
php 5.0.5 is on the server

Is there anyone who can help me?
Check register_globals, and print_r($_GET).
Are they there?
--
Rik Wasmus
Oct 25 '06 #2
>
Check register_globals, and print_r($_GET).
Are they there?
--
Rik Wasmus
Yes it is there.

Geoff

Oct 25 '06 #3
Rik
ge************@gmail.com wrote:
>Check register_globals, and print_r($_GET).
Are they there?

Yes it is there.
http://www.php.net/manual/en/securit...terglobals.php
--
Rik Wasmus
Oct 25 '06 #4

Rik wrote:
ge************@gmail.com wrote:
Check register_globals, and print_r($_GET).
Are they there?
Yes it is there.

http://www.php.net/manual/en/securit...terglobals.php
--
Rik Wasmus
Is there a way to get a fast solution?
otherwise i have to change a lot.

Oct 25 '06 #5
Rik
Geoff wrote:
Rik wrote:
>ge************@gmail.com wrote:
>>>Check register_globals, and print_r($_GET).
Are they there?

Yes it is there.

http://www.php.net/manual/en/securit...terglobals.php

Is there a way to get a fast solution?
otherwise i have to change a lot.
I urge you to fix this, but in the mean while:
extract($_GET);
--
Rik Wasmus
Oct 25 '06 #6
>
I urge you to fix this, but in the mean while:
extract($_GET);
--
Rik Wasmus
What is the new way to do this?
I've read through the link you gave me but it isn't completely clear to
me.

Geoff

Oct 25 '06 #7
Rik
Geoff wrote:
>I urge you to fix this, but in the mean while:
extract($_GET);
What is the new way to do this?
I've read through the link you gave me but it isn't completely clear
to me.
1. All variables from a GET request are in the $_GET-array. This will make
sure that they don't 'infect' used variables.
2. When using a $_GET variable, first make sure it's a type you expect.
(for instance:
$id = intval($_GET['id']);//make sure it's an integer
$name = preg_replace('/^[a-z0-9]/i','',$_GET['name']);//only
alphanumeric characters)
3. Use validated variables as you would like.
The main reason is that (sloppy) code with uninitialized variables can be
influenced with either GET or POST request resulting in unexpected and/or
undesireable results. Alwaus make sure you:
a: initiliaze all variables.
b: no outside variables are used for anything without a proper type-check
first.
--
Grtz,

Rik Wasmus
Oct 25 '06 #8
Thank you

Rik wrote:
Geoff wrote:
I urge you to fix this, but in the mean while:
extract($_GET);
What is the new way to do this?
I've read through the link you gave me but it isn't completely clear
to me.

1. All variables from a GET request are in the $_GET-array. This will make
sure that they don't 'infect' used variables.
2. When using a $_GET variable, first make sure it's a type you expect.
(for instance:
$id = intval($_GET['id']);//make sure it's an integer
$name = preg_replace('/^[a-z0-9]/i','',$_GET['name']);//only
alphanumeric characters)
3. Use validated variables as you would like.
The main reason is that (sloppy) code with uninitialized variables can be
influenced with either GET or POST request resulting in unexpected and/or
undesireable results. Alwaus make sure you:
a: initiliaze all variables.
b: no outside variables are used for anything without a proper type-check
first.
--
Grtz,

Rik Wasmus
Oct 25 '06 #9
Geoff wrote:
>I urge you to fix this, but in the mean while:
extract($_GET);
--
Rik Wasmus

What is the new way to do this?
I've read through the link you gave me but it isn't completely clear to
me.

Geoff

Quick and dirty:

Use a text editor to include a script at the very beginning of every php
file:

<?php
include 'extractor.php';
?>

Put this in extractor.php

<?php
if (is_array($_GET))
{
foreach ($_GET as $xxkey =$xxvalue)
{
$$xxkey = $xxvalue;
}
}
?>

(Note: 'xx' is added to the var name to try and keep the var names
unique, otherwise, if you have passed a GET variable with the same name
($key or $value), it would be overwritten by the next iteration of the
foreach.)

This should get you working, but then I advise you to go back and add
some real injection prevention functions at the beginning of routines
that need them.

--
*****************************
Chuck Anderson Boulder, CO
http://www.CycleTourist.com
*****************************
Oct 25 '06 #10
Chuck Anderson wrote:
Geoff wrote:
>>I urge you to fix this, but in the mean while:
extract($_GET);
--
Rik Wasmus

What is the new way to do this?
I've read through the link you gave me but it isn't completely clear to
me.

Geoff

Quick and dirty:

Use a text editor to include a script at the very beginning of every php
file:

<?php
include 'extractor.php';
?>

Put this in extractor.php

<?php
if (is_array($_GET))
{
foreach ($_GET as $xxkey =$xxvalue)
{
$$xxkey = $xxvalue;
}
}
?>

(Note: 'xx' is added to the var name to try and keep the var names
unique, otherwise, if you have passed a GET variable with the same name
($key or $value), it would be overwritten by the next iteration of the
foreach.)

This should get you working, but then I advise you to go back and add
some real injection prevention functions at the beginning of routines
that need them.
This looks to me like a clumsy way of emulating 'extract($_GET)', as
suggested by Rik. Are you claiming some advantage to doing it this way?

Colin
Oct 29 '06 #11

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

6 posts views Thread by Philipp Lenssen | last post: by
15 posts views Thread by David Fisher | last post: by
4 posts views Thread by Steven T. Hatton | last post: by
14 posts views Thread by Julia | last post: by
2 posts views Thread by MrBee | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.