Friday, April 30, 2004, 5:37:15 PM, thus was written:
Hi, Even with register globals off isn't it possible to have a webpage
like this:
Not sure what you are asking. You can have a webpage like this. And I
guess it even does what it should - print the information.
html
head
/head
h2Hello,
Thanks for the response. I basically have an environment analogous to an
internal ISP. A lot of corporate users that have the ability to make web
pages for the intranet etc. Basically management wants PHP turned off
now because a rogue user could potentially gather and store people's
passwords
Yes. My understanding turning globals off stops using $PHP_AUTH_PW directly.
Hi, Even with register globals off isn't it possible to have a webpage
like this:
html
head
/head
h2Hello, ?php echo $_SERVER['PHP_AUTH_USER']; ?
pI know your password is ?php echo $_SERVER['PHP_AUTH_PW']; ?
Patrick Hutchinson wrote:
Thanks for the response. I basically have an environment analogous to an
internal ISP. A lot of corporate users that have the ability to make web
pages for the intranet etc. Basically management wants PHP turned off
now because a rogue user could potentially gather
Hi,
I just want to know if there is a way that i
can have register_globals On in my php.ini file
but for some application i can turn that Off
perhaps with a .htacces file.
In your .htaccess:
php_flag register_globals on
or
php_flag register_globals off
Manual pages at
Thx for your reply It is working.
I also found from php.net that it's possible to set register_globals to
off on a site-by-site basis via Apache, thus overriding the global
setting of register_globals in php.ini:
In httpd.conf:
VirtualHost 127.0.0.1
ServerName localhost
DocumentRoot
Hi,
Thx for your reply It is working.
No probs, glad to help.
I also found from php.net that it's possible
to set register_globals to off on a site-by-
site basis via Apache, thus overriding the global
setting of register_globals in php.ini:
VirtualHost 127.0.0.1
ServerName localhost
On Fri, 25 Oct 2002 13:16:27 +0300
Tjoumaidis [EMAIL PROTECTED] wrote:
Hi to Everyone,
I just want to know if there is a way that i can have register_globals
On in my php.ini file but for some application i can turn that Off
perhaps with a .htacces file.
I prefer it Off in php.ini and On
it works only if i put it in my httpd.conf - yes allowoveride is set to
all :/
i'm using apache 1.3.27 on win2k.
Jon Haworth wrote:
Hi,
Thx for your reply It is working.
No probs, glad to help.
I also found from php.net that it's possible
to set register_globals to off on a site-by-
Hi Frank,
ServerName localhost
DocumentRoot /var/www/html/mysite
php_value register_globals 0 (or 1 for on)
it works only if i put it in my httpd.conf - yes
allowoveride is set to all :/
i'm using apache 1.3.27 on win2k.
Well, you're doing *something* wrong, 'cos it works fine here
well, i found my mistake ;)
on windows i forgot to change the name of the .htaccess-files because on
win they couldnt have a extentsion without a name.
So i've named them now only htaccess without the dot and it works fine
Frank W. wrote:
it works only if i put it in my httpd.conf - yes
AG I have to understand the new register globals off methods and it seems
AG like a good idea to learn that from the beginning but all the books and
AG beginners guides gives examples the old way.
give it 3 more weeks and 2nd edition of PHP Fast Easy will be
out...all register_global
On Monday, July 1, 2002, at 11:30 AM, Adrian Greeman wrote:
Would it be true to say that every time an example is given where data
is
passed on (for forms and so forth) that I can simply replace the
variable in
the example with $_POST or $_GET? Or do I have to do more?
Pretty much.
On Sunday 30 June 2002 23:12, PHPCoder wrote:
Hi
Going through some literature, it seems like the use of registered
globals can cause security issues. Now, the dilemma, all my previous PHP
installations ( for the last year or so ) have come with register
globals = on in the php.ini file by
You could leave the setting to ON in your php.ini, and impose OFF on a
per-directory (account, domain, etc) basis with a .htaccess file (or
vice-versa), assuming you have Apache.
This will mean all new clients will have the setting to OFF, and will do
things the right way from day 1. It will
15 matches
Mail list logo
