THanks!
"John W. Holmes" <[EMAIL PROTECTED]> wrote in message 000f01c269a4$a7329be0$7c02a8c0@coconut">news:000f01c269a4$a7329be0$7c02a8c0@coconut... > > I didn't realized that PHP had been going so fast that it was creating > > problems for compatiblility. > > > > Here is my situation: PHP on my development server is 4.0.6 while > > on the application server it is PHP 4.2.2. I bet you all know that > there's > > a huge basic differences between the two but I don't know them! > > In PHP 4.2.2, variables passed by either GET or POST method can > > not be accessed straitforwardly by their name, you have to fetch them > > from $HTTP_POST_VARS or $HTTP_GET_VARS. To my understanding, > > directly using submitted variables by their name is one of the basic > great > > PHP features, and I always use vars in this way. However, you can > > imagine that, recently due to the PHP upgrading I got bunch of > problems > > when deploying. > > > > What I want to know are: > > 1. why PHP changed the way to access submitted vars; > > PHP wasn't changed, it just changed the default of one configuration in > php.ini. Set your register_globals back to ON and things are just as > they were in the past. > > It was changed to stop poorly written code from having as many security > issues. If you use a variable $var, you have no idea if it came from the > user, session, cookie, or from the script. You have to remember it > yourself. So, you may assume your script made $var, but it really came > from the URL. Using $_GET['var'] lets you know for sure that that value > came from the url. With register_globals off, you know $var was created > from within your scripts and cannot of came from a user. > > > 2. any good suggestion to avoid this problem, such as that is it > possible > > to configure 4.2.2 to compatible downward. > > register_globals = On > > ---John Holmes... > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php