ID: 17942 Comment by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Bogus Bug Type: Scripting Engine problem Operating System: Windows PHP Version: 4.2.1 New Comment:
Regarding PHP & IIS 5.1 If I set register_globals to On, PHP accepts form variables. If not, it accepts : $HTTP_POST_VARS["UserName"] However, this only when I set PHP up using the php.exe file, which, to my knowledge, makes it an insecure CGI program. Is it a security risk using that install method? If so, then how do I make PHP accept form input as an Isapi filter?? Previous Comments: ------------------------------------------------------------------------ [2002-06-24 07:30:22] [EMAIL PROTECTED] In PHP 4.2.0, the 'register_globals' setting default changed to be off. See http://www.php.net/release_4_2_0.php for more info. We are sorry about the inconvenience, but this change was a necessary part of our efforts to make PHP scripting more secure and portable. ------------------------------------------------------------------------ [2002-06-24 07:29:47] [EMAIL PROTECTED] The problem with it is it does not capture form variables. E.g I have a form call form.php with form element named id, K and D. the form post these variables to form_post.php. in the form_post.php, I need the variables, id, K and D and try to refer to it as $id, $K and $D, but nothing works. Thanks. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=17942&edit=1