DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9821>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9821 PHP... $QUERY_STRING is always empty (with GET) ------- Additional Comments From [EMAIL PROTECTED] 2002-06-14 16:49 ------- For archival purposes, here's some information on this issue: QUERY_STRING is a predefined variable, much like HTTP_REFERER, HTTP_USER_AGENT, DOCUMENT_ROOT, etc. PHP allows access to these like most other variables, such as GET and POST. PHP has a directive called register_globals, this setting essentially extracts/imports variables (as per the PHP directive variables_order) into the current scope. This method "used" to be common, PHP is convincing people to change this behavior though. There are many other options/ways to retrieve this information in PHP, for example: http://www.example.com/foo.php?id=33&color=blue // Has worked since PHP 3 (forever) // Before 4.0.3 track_vars had to be enabled (on by default) print $HTTP_SERVER_VARS['QUERY_STRING']; print $HTTP_GET_VARS['id']; // Has worked since PHP 4.1.0 // (new superglobals introduced) print $_SERVER['QUERY_STRING']; print $_GET['id']; print $_REQUEST['id']; // Works if register_globals = on. As of PHP 4.2.0 the // default value for register_globals = off, before this // time it was on. This is a MAJOR change in PHP. print $QUERY_STRING; print $id; // Works as of PHP 4.1.0 import_request_variables('gpc', 'r_'); print $r_id; register_globals cannot be set at runtime (ini_set()), the closest to this would putting the following in .htaccess (if the host allows such things, like by having: AllowOverride Options in the conf file (http.conf)). php_flag register_globals on Hacking this together at runtime can be done too but isn't recommended (wasteful) but there are those times when one might want to do this I suppose. :) For example: // A hack to mimic register_globals at runtime // (do you really want to do this?) if (!ini_get('register_globals')) { $types_to_register = array('GET','POST','COOKIE', 'SESSION','SERVER'); foreach ($types_to_register as $type) { if (@count(${'HTTP_' . $type . '_VARS'}) > 0) { extract(${'HTTP_' . $type . '_VARS'}, EXTR_OVERWRITE); } } } Or use array_merge() or something similiar. Yes the default for register_globals has changed and is causing some headache but this difficult decision was made as having register_globals = off makes it more difficult to write insecure (sloppy) code. Here are some related reading materials: * http://www.php.net/manual/en/language.variables.predefined.php * http://www.php.net/manual/en/security.registerglobals.php * http://www.php.net/release_4_1_0.php * http://www.php.net/release_4_2_0.php Regards, Philip Olson --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
