On Wed, Nov 25, 2009 at 3:01 PM, Allen McCabe allenmcc...@gmail.com wrote:
*Warning*: Unknown: Your script possibly relies on a session side-effect
which existed until PHP 4.2.3. Please be advised that the session extension
does not consider global variables as a source of data, unless
LPAC - Arts for Youth - Seat OrdersI am getting the following error message,
but ONLY on a page where I am querying multiple tables, and I don't see the
correlation:
*
*
*Warning*: Unknown: Your script possibly relies on a session side-effect
which existed until PHP 4.2.3. Please be advised that
Are you running PHP as a Module or as CGI or FCGI?
Look at phpinfo() output to be SURE.
If it's not running as a Module, none of those directives are defined,
because Apache (which implements .htaccess) has no friggin' idea what
php_value or php_flag is without PHP Module there to tell it.
On
On 6/7/07, Afan Pasalic [EMAIL PROTECTED] wrote:
hi,
this question is already posted thousand times. but, after I tried for 2
hours to figure it out, I gave up and posted the question here.
I'm rebuilding one site. php 4.4.4
as usual, register_globals on, as well as magic_quotes.
I tried to turn
Tijnema wrote:
On 6/7/07, Afan Pasalic [EMAIL PROTECTED] wrote:
hi,
this question is already posted thousand times. but, after I tried for 2
hours to figure it out, I gave up and posted the question here.
I'm rebuilding one site. php 4.4.4
as usual, register_globals on, as well as
hi,
this question is already posted thousand times. but, after I tried for 2
hours to figure it out, I gave up and posted the question here.
I'm rebuilding one site. php 4.4.4
as usual, register_globals on, as well as magic_quotes.
I tried to turn it off using .htaccess but what ever I change
or put individual php.ini files in the folder that
contains the files im running. In other words do it myself.
So I created this file:
[PHP]
register_globals = on
named it php.ini and dropped it in the folder with all of my files.
It didn't help any.
So I added this line to the first file
include
. That I could
create a .htaccess file or put individual php.ini files in the folder that
contains the files im running. In other words do it myself.
So I created this file:
[PHP]
register_globals = on
named it php.ini and dropped it in the folder with all of my files.
It didn't help any.
So I
.
So I created this file:
[PHP]
register_globals = on
named it php.ini and dropped it in the folder with all of my files.
It didn't help any.
So I added this line to the first file
include ('php.ini');
all it does is add :[PHP] register_globals = on as text at the top of my
page now
Hello.
In my php.ini file register_globals has value Off.
I have script
?php
ini_set(register_globals, 0);
echo ini_get(register_globals);
?
Script echo 1. But if i create .htaccess in this dir which contains
string
php_value register_globals 0, my script return 0.
Hello,
Sunday, April 4, 2004, 1:17:53 AM, you wrote:
n Why i cann't change register_globals value with ini_set()?
Because it's a system level configuration value - you cannot change it
in your scripts.
register_globals supports PHP_INI_PERDIR and PHP_INI_SYSTEM - meaning
it can only be
I have REGISTER_GLOBALS set to off. I have read and read, but cannot figure out what I
need to do code wise to keep from getting the following message:
Warning: Unknown(): Your script possibly relies on a session side-effect which existed
until PHP 4.2.3. Please be advised that the session
I have a webpage that needs to use some specific php.ini settings
different from other php applications on my web server. I have created a
.htaccess file with the following content:
php_flag register_globals 1
php_flag error_reporting E_ALL ~E_NOTICE
It works fine, but only on Mozilla and
[snip]
I have a webpage that needs to use some specific php.ini settings
different from other php applications on my web server. I have created a
.htaccess file with the following content:
php_flag register_globals 1
php_flag error_reporting E_ALL ~E_NOTICE
It works fine, but only on Mozilla
Jay Blanchard wrote:
[snip]
I have a webpage that needs to use some specific php.ini settings
different from other php applications on my web server. I have created a
.htaccess file with the following content:
php_flag register_globals 1
php_flag error_reporting E_ALL ~E_NOTICE
It works
[snip]
Put a page in that directory called test.php with only
?php
phpinfo();
?
It doesn't work at all if I put AddType application/x-httpd-php .php
[/snip]
Did you try the test.php above?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
: Bogdan Albei [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 03, 2003 4:43 AM
To: [EMAIL PROTECTED]
Subject: [PHP] register_globals problem
I have a webpage that needs to use some specific php.ini settings
different from other php applications on my web server. I have created a
.htaccess file
: RE: [PHP] register_globals problem
The only problem I see with that is that you're using the constants E_ALL
and E_NOTICE in the .htaccess file. You can't use constants there, you need
to use the actual number. (2047 ~8) == 2039:
php_flag register_globals 1
php_flag error_reporting 2039
Chris
Jay Blanchard wrote:
[snip]
Put a page in that directory called test.php with only
?php
phpinfo();
?
It doesn't work at all if I put AddType application/x-httpd-php .php
[/snip]
Did you try the test.php above?
Yes, I have. Doesn't work.
--
PHP General Mailing List
[snip]
Did you try the test.php above?
Yes, I have. Doesn't work.
[/snip]
Then your httpd.conf in not configured properly. It would appear to me
that PHP is not working at all. I went to the URL inquestion and did not
find this test page, so it will be hard for me to help you. Does PHP
work
]
Subject: RE: [PHP] register_globals problem
The only problem I see with that is that you're using the constants E_ALL
and E_NOTICE in the .htaccess file. You can't use constants there, you need
to use the actual number. (2047 ~8) == 2039:
php_flag register_globals 1
php_flag error_reporting 2039
[snip]
It doesn't work. After all a script that contains only phpinfo()
(e-technics.com/dorna/info.php) works OK, but the webpage, which is a
PhpNuke doesn't work.
[/snip]
Actually info.php works in IE and reports register_global is ON locally
(within that directory). Therefore, as I stated
Jay Blanchard wrote:
[snip]
It doesn't work. After all a script that contains only phpinfo()
(e-technics.com/dorna/info.php) works OK, but the webpage, which is a
PhpNuke doesn't work.
[/snip]
Actually info.php works in IE and reports register_global is ON locally
(within that directory).
[snip]
If I create an PHP environment such that I don't need to override
register_globals and error_reporting with a .htaccess file it works just
fine, so I guess the problem is in the .htaccess file. I posted my
httpd.conf file at http://e-technics.com/dorna/httpd.conf.
If I comment the lines
Jay Blanchard wrote:
[snip]
If I create an PHP environment such that I don't need to override
register_globals and error_reporting with a .htaccess file it works just
fine, so I guess the problem is in the .htaccess file. I posted my
httpd.conf file at http://e-technics.com/dorna/httpd.conf.
If
[snip]
Actually, according to the info.php page for that directory
register_globals is ON as you desire...correct?
Correct, the .htaccess file overides just fine register_globals and
error_reporting but somehow Internet Explorer and Konqueror does not
load the page.
[/snip]
But IE and
Jay Blanchard wrote:
[snip]
Actually, according to the info.php page for that directory
register_globals is ON as you desire...correct?
Correct, the .htaccess file overides just fine register_globals and
error_reporting but somehow Internet Explorer and Konqueror does not
load the page.
[snip]
But IE and Konqueror both load the info.php correctly from my end. It
is
the index.php for Nukemods.com that gets hosed in those browsers.
So you're saying that index.php is broken? Then why it gets loaded fine
if I delete the .htaccess file?
[/snip]
That is exactly what I am saying.
Jay Blanchard wrote:
[snip]
But IE and Konqueror both load the info.php correctly from my end. It
is
the index.php for Nukemods.com that gets hosed in those browsers.
So you're saying that index.php is broken? Then why it gets loaded fine
if I delete the .htaccess file?
[/snip]
That is
Hi everyone,
I have a PHP application that passes variables (values) from a form.
I get these using $_POST
However I do also post some variables via a link. Which ofcourse requires
register_globals to be ON.
I would like to secure this application. What would be the best way of
doing this and
Hi Fernando,
I have a PHP application that passes variables (values) from a form.
I get these using $_POST
However I do also post some variables via a link. Which ofcourse requires
register_globals to be ON.
Do you mean variables in a URL, like this:
www.example.com/index.php?foo=1bar=2
Thanks.
I don't see how this makes it more secure though?
The values are still picked up the same way from a URL
-Original Message-
From: Jon Haworth [mailto:[EMAIL PROTECTED]
Sent: 13 November 2003 13:28
To: [EMAIL PROTECTED]
Subject: Re: [PHP] register_globals security
Hi Fernando
On Thu, Nov 13, 2003 at 01:55:08PM +0200, Fernando Melo wrote:
: Jon Haworth responded:
: : Fernando Melo wrote:
: :
: : I have a PHP application that passes variables (values) from a form.
: : I get these using $_POST
: :
: : However I do also post some variables via a link. Which ofcourse
picked up the same way from a URL
-Original Message-
From: Jon Haworth [mailto:[EMAIL PROTECTED]
Sent: 13 November 2003 13:28
To: [EMAIL PROTECTED]
Subject: Re: [PHP] register_globals security
Hi Fernando,
I have a PHP application that passes variables (values) from a form.
I get
Yup I still don't see how it improves anything with regards to security.
-Original Message-
From: Raditha Dissanayake [mailto:[EMAIL PROTECTED]
Sent: 13 November 2003 15:24
To: [EMAIL PROTECTED]
Subject: Re: [PHP] register_globals security
Hi,
There is also a $_REQUEST variable
[snip]
There is also a $_REQUEST variable.
At the risk of starting another flame war: IMHO switching off register
globals and relying on $_POST etc can lull you into a false sense of
security.
[/snip]
***applause***
Bottom-lineas I just said in another threadinitialize your
variables
with regards to security.
-Original Message-
From: Raditha Dissanayake [mailto:[EMAIL PROTECTED]
Sent: 13 November 2003 15:24
To: [EMAIL PROTECTED]
Subject: Re: [PHP] register_globals security
Hi,
There is also a $_REQUEST variable.
At the risk of starting another flame war: IMHO switching off
--- Fernando Melo [EMAIL PROTECTED] wrote:
I have a PHP application that passes variables (values) from a form.
I get these using $_POST
However I do also post some variables via a link. Which ofcourse
requires register_globals to be ON.
This is a common problem I see on this list. When
--- Raditha Dissanayake [EMAIL PROTECTED] wrote:
At the risk of starting another flame war: IMHO switching off register
globals and relying on $_POST etc can lull you into a false sense of
security.
I agree, and this is more true with the safe_mode directive, which I have
always thought was
Shiflett [mailto:[EMAIL PROTECTED]
Sent: 13 November 2003 17:07
To: Fernando Melo; '[EMAIL PROTECTED]'
Subject: Re: [PHP] register_globals security
--- Fernando Melo [EMAIL PROTECTED] wrote:
I have a PHP application that passes variables (values) from a form.
I get these using $_POST
However I do
--- Fernando Melo [EMAIL PROTECTED] wrote:
I was not making an assumption. I was stating a fact.
I get these using $_POST
I did NOT state that register_globals needs to be on to do what I'm
doing.
If you're going to make false claims about what you previously said, you
might want to snip
Hi all,
I use suse8.2 professional
I have upgraded php 4.3.1 to 4.3.3 with rpm suse project.
In the php.ini I have set the registr_globals=3D Off and Ih th directory
/srv/www/html/mysites1 I have created the file .htaccess with:
php_flag register_globals on for only this site.
With the
[snip]
With the function phpinfo I have see that the Master Value is Off and
the=
Load Value is On but the site don't running successfully.
With suse8.1 with php4.2.2 I have nothing problem.
Any idea ?
[/snip]
Does the site rely on files outside of that directory? Do you 'allow
overrides' for
--- [EMAIL PROTECTED] wrote:
In the php.ini I have set the registr_globals=3D Off
I'm assuming that 3D was put in there by some faulty mail client? Also, make
sure you spell it register_globals.
php_flag register_globals on for only this site.
With the function phpinfo I have see that the
--- [EMAIL PROTECTED] wrote:
The problem concern:
The correct site is: www.gardafun.com with apache.1.3.27 and
php-4.0.6 with register_globals = On
The new webserver is 213.21.138.119 with suse8.2 apache1.3.27 and
php-4.3.3 with register_globals=off in the php.ini and in the
.htaccess
Please include the list in all of your replies. I skim message subjects and
don't read all messages. If you reply only to me, there's a good chance it will
not be read, and no one else will have a chance to answer your question.
--- [EMAIL PROTECTED] wrote:
As i know, if register_globals is
Well, it does turn off. At least phpinfo() says that it's off. However, PHP
is acting as though it's still turned on. The source code for the page I'm
using to test this odd result is:
html
head
/head
body
form action=?=$_SERVER['PHP_SELF']? method=post
input name=test
input type=submit
/form
I don't know much about this, but could it have been cached?
Cristian
Damon Kohler wrote:
Well, it does turn off. At least phpinfo() says that it's off.
However, PHP is acting as though it's still turned on. The
source
code for the page I'm using to test this odd result is:
html
head
No, it's not cached. I can type in anything to the input and it'll show up.
As in, if I type test into the form, it prints test. Then if I type hello
world it'll print hello world. So I'm pretty sure caching isn't the
problem.
Damon
Cristian Lavaque [EMAIL PROTECTED] wrote in message
Are you using third party code that might be doing the export to global
space itself?
Rob.
On Sat, 2003-09-27 at 22:21, Damon Kohler wrote:
No, it's not cached. I can type in anything to the input and it'll show up.
As in, if I type test into the form, it prints test. Then if I type hello
I don't think so... You have something particular in mind? You can check out
the page itself at http://my.innermetrix.cc/test.php
Damon
Robert Cummings [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Are you using third party code that might be doing the export to global
space
On Sat, 27 Sep 2003 20:05:10 -0400
Damon Kohler [EMAIL PROTECTED] wrote:
Well, it does turn off. At least phpinfo() says that it's off.
However, PHP is acting as though it's still turned on. The source
code for the page I'm using to test this odd result is:
snip
I'm running PHP 4.3.3 on
Rather than turning on register globals system wide I'd use .htaccess to
enable register globals for the specific sites or applications that
require them. Because the super globals have been introduced the
problem with register globals and application security may be more
prounounced for
Hi,
I have configured PHP 4.3.3 in which register_gloabals is set to be off. I
modified etc/php.ini and set it to be On but still it shows it is off and
some developed applications in php are asking for it to be turned on. How
do I do this?
Regards,
DT
--
PHP General Mailing List
Deependra b. Tandukar wrote:
Hi,
I have configured PHP 4.3.3 in which register_gloabals is set to be off.
I modified etc/php.ini and set it to be On but still it shows it is off
and some developed applications in php are asking for it to be turned
on. How do I do this?
Did you restart the web
Try restarting your apache.
-murugesan
- Original Message -
From: Deependra b. Tandukar [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 03, 2003 10:09 AM
Subject: [PHP] register_globals
Hi,
I have configured PHP 4.3.3 in which register_gloabals is set to be off. I
a while ago we upgraded the php installations on our servers. for a quick fix
we set register_globals to on for code compatibility. Since then we have been
cleaning up code to eliminate this. We likely still have some virtual hosts who
are using these globals though, so while we are wanting
Hi,
I think you want to use:
php_value register_globals Off
I have this setup in VirtualHost's and in .htaccess files. The
difference between php_value and php_admin_value is that php_admin_value
can not be overridden in a .htaccess file or VirtualHost. So if you want
to enforce some settings
I found a class that allows you to have a multiple page listing, where
it displays a certain number of items, and then you click on the next
page to show the next results. I found that it needs to have
register_globals turned on. I am learning, and would like to have
someone look at the class
I found a class that allows you to have a multiple page listing, where
it displays a certain number of items, and then you click on the next
page to show the next results. I found that it needs to have
register_globals turned on. I am learning, and would like to have
someone look at the class
Well, I know it has something to do with register_globals, because it
only starts working when I turn register_globals on. If it is off, the
script doesn't work.
Here is the php file that calls to the class. It doesn't seem to have
anything that is global, but as I said before, I am not very
I'm thinking of running a shopping cart package (osCommerce)
that requires
register_globals to be enabled. With all the warnings about
security with
register_globals enabled I'm worried.
How dangerous is it?
The key defensive step is to initialize all of your session variables at the
I'm thinking of running a shopping cart package (osCommerce) that requires
register_globals to be enabled. With all the warnings about security with
register_globals enabled I'm worried.
How dangerous is it?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
Sam,
The register_globals can be dangerous to turn on but it really depends
on the quality of code that the shopping cart was written. See
Examples below for explanation.
Say you had a script that looked like this.
?PHP
$Q = Select * from Stored CreditCards where User='$User';
.
yeh, I'd strongly agree with Jonathan's view that quality of the code can
mitigate against the dangers of register_globals.
FYI, an interesting article on php vulnerabilities is at:
http://www.securereality.com.au/studyinscarlet.txt
David Eisenhart
Jonathan Pitcher [EMAIL PROTECTED] wrote in
three solutions:
1. turn register_globals off for compatibility purposes via .htaccess
file in the script's directory
2. create a auto_prepend file with the following: extract($_GET), this
should do the trick
3. rewrite the whole code to make any user-input (form) variable to be
$_REQUEST or
I know its stupid but i´ve been writing a site for a register_globals = on
enviroment
now i need to convert all the code to an off setting
the page is built by sending a whole lot off vars to diferent pages.
as you can see below the hyperlink sends the id var to the same page and
then echos the
on 29/01/03 6:41 AM, Kiswa ([EMAIL PROTECTED]) wrote:
change If($id==1){ to If($_GET['id']==1){
or put this line near the top of your script:
$id = $_GET['id'];
or, a little more anal:
if(isset($_GET['id'])) { $id = $_GET['id']; }
Justin
font size=2a href=left.php?id=1
I'm looking for a good class for forms that will work with
register_globals off. I was planning to modify Manuel Lemos's class,
but it turned out to be too big of a task. Any ideas?
--
The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be
try using pear...
On Sat, 2002-11-16 at 22:53, Leif K-Brooks wrote:
I'm looking for a good class for forms that will work with
register_globals off. I was planning to modify Manuel Lemos's class,
but it turned out to be too big of a task. Any ideas?
--
The above message is encrypted
I am planning to use Manuel Lemos's form class for a web site I am
working on. However, I need to have register_globals set to off. I was
planning to rewrite the portions of the class that access submitted form
values directly to use the suberglobal arrays. When I started, though,
I saw how
On Wednesday 13 November 2002 23:57, Leif K-Brooks wrote:
I am planning to use Manuel Lemos's form class for a web site I am
working on. However, I need to have register_globals set to off. I was
planning to rewrite the portions of the class that access submitted form
values directly to use
Even if the method is post, you can have get variables, if the form has
action=script.php?get_var=value
Jason Wong wrote:
On Wednesday 13 November 2002 23:57, Leif K-Brooks wrote:
I am planning to use Manuel Lemos's form class for a web site I am
working on. However, I need to have
On Thursday 14 November 2002 03:41, Marek Kilimajer wrote:
Even if the method is post, you can have get variables, if the form has
action=script.php?get_var=value
Yes but I don't (need to) define my forms like that so I don't really care :-)
--
Jason Wong - Gremlins Associates -
I'm very new to PHP/mySQL and am working through the PHP and mySQL for
Dummies examples. Unfortunately, these were all written with
register_globals on and the system I'm using has register_globals off.
I'm having trouble converting the examples to use the $_POST() expression.
Specifically,
At 21:05 12.11.2002, Mark Spohr said:
[snip]
I'm trying to convert this to use $_POST() as such:
if ($_POST['form'] == yes)
{
unset($_POST['form']);
}
However, this does not work. It appears that you can't unset the
$_POST['form'] array element.
Hi there
In my shop a had this code to add a product to the shoppingcart:
session_start();
session_register(cart);
if($action == addtocart)
{
$cart[] = $id,$amount;
}
To view the cart i had to explode the session_variable $cart and get
more data from the database.
session_start();
Hi,
I'm working on a site where I'm using geeklog
http://geeklog.sourceforge.net/
It has the requirement that
Geeklog needs the register_globals variable turned on in order to work.
Since PHP 4.2.0, the default for register_globals is off. To fix it,
simply add the following line to your
I'm working on a site where I'm using geeklog
http://geeklog.sourceforge.net/
It has the requirement that
Geeklog needs the register_globals variable turned on in order to work.
Since PHP 4.2.0, the default for register_globals is off. To fix it,
simply add the following line to your
The manual is up-to-date on this topic, for questions
related to register_globals and form variables please
feel free to point to:
http://www.php.net/manual/en/language.variables.external.php
Or the shortcut (all man pages work this way):
http://www.php.net/variables.external
In fact,
I am sorry if this is asked before, but I have apache 2.0.36 with php 4.2.1
in the php.ini file register_globals is set off, but i want to turn it on in
some directories
I tried to create .htaccess file in that directory and put in it
php_flag register_globals on
but its not working, so did i
PROTECTED]
To: Ahmed Abdalla [EMAIL PROTECTED]
Sent: Tuesday, June 11, 2002 9:06 PM
Subject: Re: [PHP] register_globals flag in some directories
Ahmed,
The /etc/httpd/conf/httpd.conf file might not allow .htaccess to
override the setting. I've just tried this here and if I have
AllowOverride All then I
-Original Message-
From: Kevin Stone [mailto:[EMAIL PROTECTED]]
Sent: 09 May 2002 23:09
Hmm. No offense ..., but I don't believe turning
Registered Globals off
will have any effect on security. Turning Registered Globals off just
provides a more strict environment for coding.
At 14:16 10/05/2002, Ford, Mike [LSS] wrote:
No, but this:
if (isset($password)): // register_globals on
$super_user = $password==$super_password;
endif;
if ($super_user):
// sensitive admin stuff
endif;
is more secure than:
if
-Original Message-
From: Zeev Suraski [mailto:[EMAIL PROTECTED]]
Sent: 10 May 2002 12:36
You meant it the other way around, didn't you? :)
Er, yes! ;)
(I cut-and-pasted one example to create the other, and then changed the wrong on to
off!!)
Cheers!
Mike
-Original Message-
From: Ford, Mike [LSS] [mailto:[EMAIL PROTECTED]]
Sent: 10 May 2002 12:54
To: 'Zeev Suraski'
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] register_globals in php4
-Original Message-
From: Zeev Suraski [mailto:[EMAIL PROTECTED]]
Sent: 10 May 2002 12:36
At 15:13 10/05/2002, Ford, Mike [LSS] wrote:
I should have said less secure rather than more secure.
Am I right this time?
Yep :)
Zeev
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Fri, 10 May 2002, Ford, Mike [LSS] wrote:
Also, by using the $_POST, $_GET arrays, you know exactly where the
input is coming from (even if register_globals is also on!). If you
have register_globals set to on, and you just look to see if (say)
$password has a value, which
Mike,
Both of your bit of code are not equal.
On my ISP in 4.0.6 isset returned false if the variable was not existing OR
empty
in 4.2 isset returns true if the variable exists but is empty, so you may
want to check with empty instead of isset
Luc
At 12:16 10/05/2002 +0100, Ford, Mike
Hello list,
php4.1 recommends to set register_globals=off in php.ini to make php
more strict. My question is, if I turn off register_globals, what will
happen if any malicious user just try to modify the variable values in
the url? Say,
http://www.domain.com/xxx.php?id=3sex=female
Does it
On Fri, 10 May 2002, Patrick Hsieh wrote:
php4.1 recommends to set register_globals=off in php.ini to make php
more strict. My question is, if I turn off register_globals, what will
happen if any malicious user just try to modify the variable values in
the url? Say,
- Original Message -
From: Patrick Hsieh [EMAIL PROTECTED]
Hello list,
php4.1 recommends to set register_globals=off in php.ini to make php
more strict. My question is, if I turn off register_globals, what will
happen if any malicious user just try to modify the variable values in
- Original Message -
From: Miguel Cruz [EMAIL PROTECTED]
To: Patrick Hsieh [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, May 09, 2002 11:52 AM
Subject: Re: [PHP] register_globals in php4
On Fri, 10 May 2002, Patrick Hsieh wrote:
php4.1 recommends to set register_globals=off
On Thu, 9 May 2002, Kevin Stone wrote:
If register_globals is off, then you'll get $_GET['id'] = 3 and
$_GET['sex'] = female. It's then up to you to make sure those are okay.
But at least $id and $sex won't get set until you explicitly set them in
your code.
Hmm. No offense Miguel, but I
How do I use $PHP_SELF with register_globals off? I looked up the
documentation on php.net but haven't gotten this line of code to work:
form name=form5 method=post action='?php echo($_SERVER[PHP_SELF];
?'
I get this error instead:
[28-Apr-2002 16:33:31] PHP Parse error: parse error,
Message-
From: Kirk Babb [mailto:[EMAIL PROTECTED]]
Sent: Sunday, April 28, 2002 3:58 PM
To: [EMAIL PROTECTED]
Subject: [PHP] register_globals=Off Question
How do I use $PHP_SELF with register_globals off? I looked up the
documentation on php.net but haven't gotten this line of code
On Sun, 28 Apr 2002, Kirk Babb wrote:
How do I use $PHP_SELF with register_globals off? I looked up the
documentation on php.net but haven't gotten this line of code to work:
form name=form5 method=post action='?php echo($_SERVER[PHP_SELF];
?'
action='?= $_SERVER['PHP_SELF'] ?'
miguel
Looks like you forgot your ticks ' around the PHP_SELF. If I am correct,
it should be $_SERVER['PHP_SELF'].
Either way, you might want to try this. Somebody else posted it before and
I have been using it so that no matter what version of PHP my program runs
on, it should work.
if
Hello,
in php 4.0.6 on the begin of the script include file called config.php.
In config file i have ini_set('register_globals', 'off');
i setup session via session_register('variable') and redirect to
another page, where i include the same config (config.php) and call
session_start(); but when
On Sunday, March 31, 2002, at 04:05 AM, Liam wrote:
at the moment I have register_globals set to on
Is there any reason I should turn it off?
What are the security risks of having them on?
I once asked this exact question, and here is the response I got -- I
found it very helpful:
Give
1 - 100 of 114 matches
Mail list logo
