Chris Streatfield wrote:
Here's a little problem I'm just discovering.
The issue has been brought to my attention by a couple of my clients when
their mail() replies were suddenly turning up with zero variable content.
I have several html/php contact/subscribe forms which return a mail reply to
the web site owner. These have recently been turning up with none of the
variables being picked up from the html form. The mail() library is still
sending the reply correctly. All the material is hosted on commercial ISP web
servers. A couple of them have clearly upgraded to PHP 5.x recently.
When a user fills out the form and presses the submit button the process page
picks up the variables from the input and mails the output back to the site
owner. Recently some of these replies have started to show up with the
variables not being picked up. On looking through the official PHP
documentation it would seem to be an issue of the change in the use of
globals being turned off by default in 5.x onwards. I found an example of a
function in the documentation to include that simulates globals being turned
on but this does not seem to be working as expected.
Hi Chris,
Don't worry; globals have not been disabled. However, what you're
referring to (registering input data as global variables) has been
disabled by default since PHP 4.2. It has always been possible to
disable it (and for a long time, recommended to disable it) via the
register_globals ini directive, and it's still possible to enable it
using register_globals.
However: like I said, it's not recommended. It's a security risk, and
registering input data as global variables will be removed entirely in
PHP 6. As of PHP 5.3 it is officially deprecated.
Have a look at the following page in the documentation for more
information on this:
http://www.php.net/manual/en/ini.core.php#ini.register-globals
In a case like yours, I'd recommend leaving register_globals disabled
and either fixing your scripts, or prepending an included file which
would gather the needed data from $_GET, $_POST, or $_REQUEST, sanitize
it, and *then* create the needed global variables using that data. This
second option would likely require the fewest changes to your existing
scripts.
Regards,
Torben
While this is a very simple (and possibly only a bit irritating) problem the
nightmare scenario for me is that I have a great many files (read several Ks)
that rely on the same functionality, as the access to several MySql
databases. I have very quickly tested a couple of these database constructs
on one of the hosting sites where the mail() forms have failed and the
database constructs do not work either. I really would prefer not to have to
spend the whole of the next year re-writing all these files especially as
this work is all voluntary.
Now if these very simple html form / php processing structures are now going
to fail by not retrieving the variables what are we supposed to do to create
web site contact forms or data entry pages for database access. I have tried
constructing the forms as hybrid php/html and included the function noted
above and this did not work either. In fact on one of the servers running the
upgrade even logging on to the database construct froze at the first
processing page. I think that either this
header("Location: adminhome.php");
exit(); failed to trigger or the "session_register();" failed.raised
Any suggestions advice would be most welcome.
I have included an example snippet of code from one of the mailback forms that
has been working correctly for several years.
A snippet of example code
The Form:
Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
http://www.w3.org/1999/xhtml";>
On-line Membership form
Join the Campaign
ON-LINE ANNUAL SUBSCRIPTION FORM
Contact Details
Name
size="35" />
Address
Suburb
City/Postcode
Phone
..
-ENDS---
The processing done in -
$mailcontent="This is the reply from the on-line membership subscription form
on the web-site.
Contact Details-\n
Name:- $firstname
Address:--
$address
$suburb
$city\n
Phone:--- $tel
...
--";
$additionalheaders="From: webs...@example.com\n";
mail($toaddress, $subject, $mailcontent, $additionalheaders);
?>
---ENDS
All the best
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
