Re: [PHP] PHP 4.2.2 vs PHP 4.0.6
> From: Alex Shi [mailto:[EMAIL PROTECTED]]

> 1. why PHP changed the way to access submitted vars;

Because if you use a hidden variable like $validuser='yes' inside your script you probably forgot to check whether the user did this:
www.eol.ca/page.php?validuser=yes

> 2. any good suggestion to avoid this problem, such as that is it possible
> to configure 4.2.2 to compatible downward.

extract($HTTP_POST_VARS) will create all variables from that array.

- Steve Yates
- An unbreakable toy is only useful for breaking other toys.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP 4.2.2 vs PHP 4.0.6
That's because in the newer versions of php the register globals directive is set to off by default... If you turn that directive on and then restart apache, you will be able to address GET/POST vars normally (by their identical var name)

- Mike D

> Hi,
>
> I didn't realize that PHP had been going so fast that it was creating
> problems for compatibility.
>
> Here is my situation: PHP on my development server is 4.0.6 while
> on the application server it is PHP 4.2.2. I bet you all know that there are
> huge basic differences between the two but I don't know them!
> In PHP 4.2.2, variables passed by either GET or POST method can
> not be accessed straightforwardly by their name, you have to fetch them
> from $HTTP_POST_VARS or $HTTP_GET_VARS. To my understanding,
> directly using submitted variables by their name is one of the basic great
> PHP features, and I always use vars in this way. However, you can
> imagine that, recently due to the PHP upgrading I got a bunch of problems
> when deploying.
>
> What I want to know are:
> 1. why PHP changed the way to access submitted vars;
> 2. any good suggestion to avoid this problem, such as that is it possible
> to configure 4.2.2 to compatible downward.
>
> Thanks!
>
> Alex Shi
>
> BTW: my development server is RH Linux 7.1 so cannot upgrade PHP
> to 4.2.2.

--
Mike Dunlop
Webmaster
Animation World Network
[EMAIL PROTECTED]
http://www.awn.com
Re: [PHP] PHP 4.2.2 vs PHP 4.0.6
Thanks!

"John W. Holmes" <[EMAIL PROTECTED]> wrote in message news:000f01c269a4$a7329be0$7c02a8c0@coconut...
> > I didn't realize that PHP had been going so fast that it was creating
> > problems for compatibility.
> >
> > Here is my situation: PHP on my development server is 4.0.6 while
> > on the application server it is PHP 4.2.2. I bet you all know that there are
> > huge basic differences between the two but I don't know them!
> > In PHP 4.2.2, variables passed by either GET or POST method can
> > not be accessed straightforwardly by their name, you have to fetch them
> > from $HTTP_POST_VARS or $HTTP_GET_VARS. To my understanding,
> > directly using submitted variables by their name is one of the basic great
> > PHP features, and I always use vars in this way. However, you can
> > imagine that, recently due to the PHP upgrading I got a bunch of problems
> > when deploying.
> >
> > What I want to know are:
> > 1. why PHP changed the way to access submitted vars;
>
> PHP wasn't changed, it just changed the default of one configuration in
> php.ini. Set your register_globals back to ON and things are just as
> they were in the past.
>
> It was changed to stop poorly written code from having as many security
> issues. If you use a variable $var, you have no idea if it came from the
> user, session, cookie, or from the script. You have to remember it
> yourself. So, you may assume your script made $var, but it really came
> from the URL. Using $_GET['var'] lets you know for sure that that value
> came from the url. With register_globals off, you know $var was created
> from within your scripts and cannot have come from a user.
>
> > 2. any good suggestion to avoid this problem, such as that is it possible
> > to configure 4.2.2 to compatible downward.
>
> register_globals = On
>
> ---John Holmes...
RE: [PHP] PHP 4.2.2 vs PHP 4.0.6
> I didn't realize that PHP had been going so fast that it was creating
> problems for compatibility.
>
> Here is my situation: PHP on my development server is 4.0.6 while
> on the application server it is PHP 4.2.2. I bet you all know that there are
> huge basic differences between the two but I don't know them!
> In PHP 4.2.2, variables passed by either GET or POST method can
> not be accessed straightforwardly by their name, you have to fetch them
> from $HTTP_POST_VARS or $HTTP_GET_VARS. To my understanding,
> directly using submitted variables by their name is one of the basic great
> PHP features, and I always use vars in this way. However, you can
> imagine that, recently due to the PHP upgrading I got a bunch of problems
> when deploying.
>
> What I want to know are:
> 1. why PHP changed the way to access submitted vars;

PHP wasn't changed, it just changed the default of one configuration in php.ini. Set your register_globals back to ON and things are just as they were in the past.

It was changed to stop poorly written code from having as many security issues. If you use a variable $var, you have no idea if it came from the user, session, cookie, or from the script. You have to remember it yourself. So, you may assume your script made $var, but it really came from the URL. Using $_GET['var'] lets you know for sure that that value came from the url. With register_globals off, you know $var was created from within your scripts and cannot have come from a user.

> 2. any good suggestion to avoid this problem, such as that is it possible
> to configure 4.2.2 to compatible downward.

register_globals = On

---John Holmes...
RE: [PHP] PHP 4.2.2 vs PHP 4.0.6
Alex

You can change back to the old way of parsing vars by simply changing the "register_globals" setting to "on" in your PHP config. Though this is certainly not recommended (mainly for security concerns).

Good PHP coding practice suggests that you use superglobals when you wish to access session, cookie, post, get or environment variables.

This URL will explain everything:
http://www.zend.com/zend/art/art-sweat4.php

Regards
Jarrad Kabral

-----Original Message-----
From: Alex Shi [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 2 October 2002 9:29 AM
To: [EMAIL PROTECTED]
Subject: [PHP] PHP 4.2.2 vs PHP 4.0.6

Hi,

I didn't realize that PHP had been going so fast that it was creating problems for compatibility.

Here is my situation: PHP on my development server is 4.0.6 while on the application server it is PHP 4.2.2. I bet you all know that there are huge basic differences between the two but I don't know them! In PHP 4.2.2, variables passed by either GET or POST method can not be accessed straightforwardly by their name, you have to fetch them from $HTTP_POST_VARS or $HTTP_GET_VARS. To my understanding, directly using submitted variables by their name is one of the basic great PHP features, and I always use vars in this way. However, you can imagine that, recently due to the PHP upgrading I got a bunch of problems when deploying.

What I want to know are:
1. why PHP changed the way to access submitted vars;
2. any good suggestion to avoid this problem, such as that is it possible to configure 4.2.2 to compatible downward.

Thanks!

Alex Shi

BTW: my development server is RH Linux 7.1 so cannot upgrade PHP to 4.2.2.
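
The ?validuser=yes case from Steve Yates' reply and the variable-origin problem John Holmes describes, as an added example that is not part of the original thread. extract() over a constructed request array stands in for register_globals = On (the directive no longer exists in current PHP) and is shown beside versions that initialise script variables and read request data explicitly. $request, login_ok() and the page_* functions are hypothetical names.

```php
<?php
// Constructed request, as PHP would parse page.php?validuser=yes (stands in for $_GET).
$request = ['validuser' => 'yes', 'name' => 'alex'];

// Hypothetical credential check; the constructed request has no password, so it fails.
function login_ok(array $req): bool
{
    return isset($req['password']) && hash_equals('constructed-secret', (string) $req['password']);
}

// Unsafe: every request key becomes a local variable, as register_globals did globally.
function page_with_imported_vars(array $req): string
{
    extract($req);
    if (login_ok($req)) {
        $validuser = 'yes';
    }
    // The script never initialised $validuser, so the value from the request stands.
    return (isset($validuser) && $validuser === 'yes') ? 'admin page' : 'denied';
}

// Safer: script-owned state is initialised first; user input is read by explicit key.
function page_with_explicit_vars(array $req): string
{
    $validuser = 'no';
    if (login_ok($req)) {
        $validuser = 'yes';
    }
    $name = htmlspecialchars((string) ($req['name'] ?? ''), ENT_QUOTES); // known user input
    return $validuser === 'yes' ? "admin page for $name" : 'denied';
}

// Legacy code that must keep extract(): a prefix keeps request keys away from script variables.
function page_with_prefixed_extract(array $req): string
{
    $validuser = 'no';
    extract($req, EXTR_PREFIX_ALL, 'in'); // creates $in_validuser and $in_name only
    if (login_ok($req)) {
        $validuser = 'yes';
    }
    return $validuser === 'yes' ? 'admin page' : 'denied';
}

foreach (['page_with_imported_vars', 'page_with_explicit_vars', 'page_with_prefixed_extract'] as $page) {
    echo $page, ': ', $page($request), "\n";
}
```

Run from the PHP CLI (PHP 7 or later), only the first function grants access for the constructed request, because the request supplied a variable the script assumed it owned.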