Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: swissis on August 09, 2006, 09:54:51 PM
-
Hi i moved my websites to a SME 7 server. all works great accept my pages that rely on passing php variables don't.
http://www.bla.eu/newpage.php?ID=100
This used to work fine in newpage i could refer to the variable by $ID
What has been changed??
-
It has been made a little more secure, with 'register globals' turned off by default. You can turn it back on with the following entry in .htaccess:
php_flag register_globals on
But if your server provides public access, I would highly recommend not doing this. The flaw in this approach is that anyone with the slightest knowledge of your application could set *any* variable, and if that variable happens not to be explicitly initialised, then before long, a hacker could be having all sorts of fun on your server.
-- JJ
-
Your best bet is to import only the variables you need using the import_request_variables() function.. e.g.
To import variables $name, $address, $submit:
import_request_variables("gP", "name");
import_request_variables("gP", "address");
import_request_variables("gP", "submit");
I usually follow these up with:
if (!isset($name)) $name =false;
if (!isset($address)) $address =false;
if (!isset($submit)) $submit =false;
Which defines your imported variables if nothing was GET or POSTed to your script.
You may also want to get into the habit of referencing the GET/POSTed variables directly e.g.
$name =(isset($_POST['name']) ? $_POST['name'] : false;
$address =(isset($_POST['address']) ? $_POST['address'] : false;
$submit =(isset($_POST['submit']) ? $_POST['submit'] : false;
This is good practice for when you eventually start doing things with PHP5 which complains if you refer to undefined variables.
-
Thanks a lot, it works fine now