At 9/27/2002, you wrote:
>Erwin <mailto:[EMAIL PROTECTED]> scribbled;
> >
> > Qmail List wrote:
> >> Hello List,
> >>
> >> I'm putting a php app that has been off-line for about 18 months back
> >> on-line. During my absence from php I had heard about some security
> >> issues, so figured I'd try the latest 4.2.3 release.
> >>
> >> Sessions and the DB are fine, but GET/POST vars are continually
> >> empty. I mean a form submission from .html to .php (about the
> >> simplest thing possible) the variables are not getting populated with
> >> their form values.
> >
> > Turn register_globals = On in the php.ini file...
> >
> > HTH
> > Erwin
>Or better yet, actually use the new $_GET[] and $_POST[] and leave that
>option off.

If you want to make the script compatible both with register globals=off 
and work with old AND new PHP versions, use $HTTP_POST_VARS  and 
$HTTP_GET_VARS. Manual says they are deprecated, but there is no reason to 
presume they are removed from PHP any time soon. And if that day comes it's 
a few minutes task to search and replace all sources to convert them to 
$_GET and $_POST.

For commonly used $PHP_SELF I use this:

if (isset($_SERVER)) $PHP_SELF = $_SERVER['PHP_SELF'];
$scriptname = basename($PHP_SELF);

This way users don't have to select from two source versions, one > PHP 
4.1.0 and one < 4.1.0.

Pekka Saarinen

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to