Topic: passing variables in php differend in SME 7?

[swissis]

Hi i moved my websites to a SME 7 server. all works great accept my pages that rely on passing php variables don't.

http://www.bla.eu/newpage.php?ID=100

This used to work fine in newpage i could refer to the variable by $ID

What has been changed??

[judgej]

It has been made a little more secure, with 'register globals' turned off by default. You can turn it back on with the following entry in .htaccess:

Code: [Select]

php_flag register_globals on

But if your server provides public access, I would highly recommend not doing this. The flaw in this approach is that anyone with the slightest knowledge of your application could set *any* variable, and if that variable happens not to be explicitly initialised, then before long, a hacker could be having all sorts of fun on your server.

-- JJ

[NickCritten]

Your best bet is to import only the variables you need using the import_request_variables() function.. e.g.

To import variables $name, $address, $submit:

Code: [Select]

import_request_variables("gP", "name");
import_request_variables("gP", "address");
import_request_variables("gP", "submit");
I usually follow these up with:

Code: [Select]

if (!isset($name))    $name    =false;
if (!isset($address)) $address =false;
if (!isset($submit))  $submit  =false;
Which defines your imported variables if nothing was GET or POSTed to your script.

You may also want to get into the habit of referencing the GET/POSTed variables directly e.g.

Code: [Select]

$name    =(isset($_POST['name'])    ? $_POST['name']    : false;
$address =(isset($_POST['address']) ? $_POST['address'] : false;
$submit  =(isset($_POST['submit'])  ? $_POST['submit']  : false;


This is good practice for when you eventually start doing things with PHP5 which complains if you refer to undefined variables.

[swissis]

Thanks a lot, it works fine now