JD wrote:
> I posted this earlier and it disappeared from the NewsGroup
> I tried running this script by typing this in my browser window
> http://www.myserver.org/parpass.php parm1 parm2
> The script runs but does not report any parameters
"Parameters"? HAH! Klingon functions do not have 'parameters'. They have
ARGUMENTS. And they ALWAYS WIN THEM.
But seriously (ahem), there could be two issues here.
1. Assuming that your url example above is literally verbatim, you
appear to be missing the required question mark before the 'parameters'
and the required ampersand between them, with no spaces, thus the
'correct' way to type the url is:
http://www.myserver.org/parpass.php?parm1&parm2
where 'parm1' is 'myvariable1=myvalue1' and 'parm2' is
'myvariable2=myvalue2'.
2. The more fundamental and important problem is that you really
shouldn't be able to do this in the first place.
Run a phpinfo.php script and look for the property called
'register_globals', which, when turned on, allows any values passed
through a url to become automatically recognized as global variables by
default. This is a tremendous security problem, as it allows malicious
users to potentially pass all sorts of values to your script just by
typing in various values in the url.
Since PHP 4.2.0, this property has been turned *off* by default and you
really should leave it that way. In this state, the only way you can
pass values from one script to the next (or to itself, recursively) is
through forms or hyperlinks that you have coded, and the only way to
retrieve those values is to use the global arrays POST, GET, and REQUEST.
See the following references I posted in a previous thread on this topic:
See the following errata page from Wrox for an explanation (refer to the
second entry on the errata listing):
http://www.wrox.com/books/errata/076...4_errata.shtml
Also see the following documentation on www.php.net (be sure to scroll
to the bottom of the page to the section headed 'SECURITY: NEW INPUT
MECHANISM'):
http://www.php.net/release_4_1_0.php
Also see this page and refer to the big box headed 'Warning':
http://us4.php.net/variables.predefined
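
The risk described in point 2 above, as an added example that is not part of the original post: one page body run with request values injected into variable scope, and again reading them explicitly from the request array. Assumptions: `extract()` stands in for `register_globals` (PHP removed the setting in 5.4.0), and the function names, the `is_admin` flag and the query strings are constructed for illustration.

```php
<?php
// Added example. All names and query strings are constructed.

// Emulates register_globals=On: every key in the URL becomes a variable
// in the script's scope before the script body runs.
function page_with_register_globals(string $query, bool $sessionIsAdmin): string
{
    parse_str($query, $request);   // what PHP parses out of the URL
    extract($request);             // stand-in for register_globals

    // Script body: $is_admin is assigned on one branch only, so a value
    // that arrived in the URL survives when the branch is not taken.
    if ($sessionIsAdmin) {
        $is_admin = true;
    }
    return !empty($is_admin) ? 'admin view' : 'normal view';
}

// Same page with register_globals off: input is only reachable through
// the request array, and the flag is initialised before it is used.
function page_with_request_array(string $query, bool $sessionIsAdmin): string
{
    parse_str($query, $get);       // stands in for $_GET
    $is_admin = false;             // never taken from the request
    if ($sessionIsAdmin) {
        $is_admin = true;
    }
    // Values the page does want are fetched by name and type-checked.
    $parm1 = isset($get['parm1']) && is_string($get['parm1']) ? $get['parm1'] : '';
    return ($is_admin ? 'admin view' : 'normal view') . " (parm1='$parm1')";
}

// Constructed requests from a visitor whose session is NOT an admin.
foreach (['parm1=a&parm2=b', 'parm1=a&is_admin=1'] as $query) {
    printf("%-20s globals-on: %-12s explicit: %s\n",
        $query,
        page_with_register_globals($query, false),
        page_with_request_array($query, false));
}
```

Run it with the PHP command-line interpreter: only the emulated register_globals version switches to the admin view when `is_admin=1` appears in the query string.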