Variables problem

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I recently upgraded my webserver from SuSE 8.1 to 8.2. Strange thing
happened. My php scripts are working only partially. When I do a call
something.php?st=100, I somehow lose that variable and next page doesn't
show nothing. Even form with POST method doesn't submit anything. It
does submit an empty form though...

Any ideas what's going on.


Re: Variables problem

could be a register_globals problem

if register_globals is off now, ?st=100 will not be registered
automatically as $st=100 anymore.

instead it will be accessible through the $_POST array as $_POST['st'].

if that is the problem, rather change your scripts than switch on
register_globals, because register_globals off is a good thing to have
(security wise).


Re: Variables problem

One quick glance of an experienced eye allowed to understand the blurred
and almost unreadable micha's handwriting:

Quoted text here. Click to load it

Nope, it'll be the $_GET array and $_GET['st']. :)

Quoted text here. Click to load it

Agreed. Imagine you are using a global variable called "admin" set to
false unles a proper admin authorization occurs... Now, when you have
register_globals set to "on", you'll get this global var in the $admin
var AND ?anything=whatever will give you a global var $anything with
value "whatever".
Now imagine somebody doing this:


You will get the $admin var with "true" as value - but without any
When register globals is off, you'll get your global var as
$GLOBALS['admin'] and the var from the address as $_GET['admin'] - no
security risk here. :)


Re: Variables problem

yes, the $_GET array. sorry.


Re: Variables problem

Quoted text here. Click to load it

Something like:


Quoted text here. Click to load it

Nope, doens't change anything in the sample code above.

register_globals doens't protect from using uninitialized variables
at all.

You'd be right if the programmer was stupid enough to authenticate like:


But that would be caught by the proper error level reporting setting
during development.

Site Timeline