On Monday 22 April 2002 09:50 am, you wrote:
> On Friday, April 19, 2002, at 09:41  PM, Andre Dubuc wrote:
> > Is there a way I can verify that (a) globals are off and (b) $_SESSION
> > or
> > $_POST are on? This probably what's happening -- I can't access the
> > arrays at
> > all -- so, I think that might be where the problem lies. The $vars
> > still work
> > though throughout all scripts.
> $_SESSION and $_POST and other superglobals are already on all the time
> if you use PHP 4.1.x or later.
> Verify that globals are off by writing a script that checks the for the
> presence or the value of $variable and then pass "variable=1" or
> something on the querystring in your browser.
> Erik
> ----
> Erik Price
> Web Developer Temp
> Media Lab, H.H. Brown

Thanks Eric,

Sorry about the delay in replying. I was at a funeral today.

I tried what you suggested, and indeed globals are off. Perhaps my problem 
stems from my use of the $_GET[] with $vars. I guess I don't really 
understand what I'm doing. If you would take a peek at this code [I think 
I've introduced a security hole, and I'm mixing up things]:

On page 1:

<?php session_start(); ob_start(); ?>
// ob_start(); so I can have html headers on this page & redirect later
// some other code
<form action="page2.php" method="get">
// The following line is where I think I've caused myself grief. 

<input type=text size=20 name=bozo>

// many other lines of code

<input type=submit name=submit value="Agree">

On page 2: 

<?php session_start(); ob_start(); ?>
// ob_start(); so I can have html headers on this page & redirect later
// some other code
<form action="page3php" method="get">

$bozo = $_GET['bozo'];

/* Now is this correct? Am I exposing 'bozo'  to a security hole? For the 
rest of the script, with each $_GET['var'] from the previous page I do the 
same. Somehow, I don't think I've grasped what to do with $vars. From my 
reading elsewhere, should I, for example, in page 1 use something like
        <input type=text size=20 name="<?php  echo $_SESSION['bozo'] ?>">

Once I figure out how I'm supposed to write the variables in the scripts, 
I'll be OK. But I'm so CONFUSED!  */

if  ($bozo == "") die ("Please enter your 'First Name'. <br><br> Click 
'Back" in your browser to enter this information.");

// new input variable unique to page 2
<input type=text size=20 name=dodo>

// other code: including an "if $level"  statement that checks for level of 
registration and redirects, using header("location . . .")

session_write_close(); // to allow the header through
header("location:page 3.php");

On page 3:

<?session_start(); ob_start(); ?>

/* This page is actually a confirmation page, I've tried to collect the info 
from page 1 ($bozo) and page 2 ($dodo) and print them to screen as in */

$bozo = $_GET['bozo'];
$dodo = $_GET['dodo'];

print $bozo $dodo;

/* I've also tried $_SESSION['bozo'], $_GET['bozo'], left out the 
'$bozo = $_GET['bozo']' etc, etc, etc. -- I don't know what I'm doing 
here!! Help! !  */

{Btw, I've used "bozo" and "dodo" since it's easier to spot the diffference 
than what I actually use for the field :>]

Please pray the Holy Rosary to end the holocaust of abortion.
Remember in your prayers the Holy Souls in Purgatory.

May God bless you abundantly in His love!
For a free Cenacle Scriptural Rosary Booklet: http://www.webhart.net/csrb/

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to