By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,724 Members | 1,868 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,724 IT Pros & Developers. It's quick & easy.

Passing Parameters to a Web Page Script

P: n/a
JD
I posted this earlier and it disappeared from the NewsGroup

I want to pass two parameters to a simple script running on my web server.

The script "parpass.php" looks like this:

<?php
echo "The total number of parameters passed was: $argc \n";
echo "The parameters passed were: ";
foreach (argv as $val) {
echo "$val ";
}
echo " \n ";
?>

I tried running this script by typing this in my browser window

http://www.myserver.org/parpass.php parm1 parm2

The script runs but does not report any parameters

Any help would be appreciated.

I'm new to PHP but am getting better.

Thanks to all

John
Jul 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
JD wrote:
I posted this earlier and it disappeared from the NewsGroup
I tried running this script by typing this in my browser window>
http://www.myserver.org/parpass.php parm1 parm2
The script runs but does not report any parameters


"Parameters"? HAH! Klingon functions do not have 'parameters'. They have
ARGUMENTS. And they ALWAYS WIN THEM.

But seriously (ahem), there could be two issues here.

1. Assuming that your url example above is literally verbatim, you
appear to be missing the required question mark before the 'parameters'
and the required ampersand between them, with no spaces, thus the
'correct' way to type the url is:

http://www.myserver.org/parpass.php?parm1&parm2

where 'parm1' is 'myvariable1=myvalue1' and 'parm1' is
'myvariable2=myvalue2'.

2. The more fundamental and important problem is that you really
shouldn't be able to do this in the first place.

Run a phpinfo.php script and look for the property called
'register_globals', which, when turned on, allows any values passed
through a url to become automatically recognized as global variables by
default. This is a tremendous security problem, as it allows malicious
users to potentially pass all sorts of values to your script just by
typing in various values in the url.

Since PHP 4.2.0, this property has been turned *off* by default and you
really should leave it that way. In this state, the only way you can
pass values from one script to the next (or to itself, recursively,) is
through forms or hyperlinks that you have coded, and the only way to
retrieve those values is to use the global arrays POST, GET, and REQUEST.

See the following references I posted in a previous thread on this topic:

See the following errata page from Wrox for an explanation (refer to the
second entry on the errata listing):
http://www.wrox.com/books/errata/076...4_errata.shtml

Also see the following documentation on www.php.net (be sure to scroll
to the bottom of the page to the section headed 'SECURITY: NEW INPUT
MECHANISM'):
http://www.php.net/release_4_1_0.php

Also see this page and refer to the big box headed 'Warning':
http://us4.php.net/variables.predefined

Jul 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.