LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   [Urgent, pls. Help] apache2 setting (https://www.linuxquestions.org/questions/linux-software-2/%5Burgent-pls-help%5D-apache2-setting-454231/)

swmok 06-13-2006 01:41 AM
[Urgent, pls. Help] apache2 setting
 
Hi All:

I use apache2 in Debian Linux.

I use a homepage to read the username and password for user.
The user type in the username and password and then click submit button.
BUT, I cannot read the input. That means, the variables [username] and [password] are empty.

It works in apache (1.3).

Is there anything wrong in apached2 setting? or missing modules?

Pls. help.

Wim Sturkenboom 06-13-2006 03:00 AM
First of all, nothing is urgent when you post here.

1) Are you using this in combination with php? If so, see 2, else I don't know

2)
Are you referring to $HTTP_POST_VARS['username'] and $HTTP_POST_VARS['password'] being empty or to $username and $password being empty (or $HTTP_GET_VARS in case of a GET method)?
There is indeed a setting somewhere (can't remember which one) that can prevent use of $username and $password. If that's indeed the problem, use $HTTP_POST_VARS or $HTTP_GET_VARS; I guess the former will be the case (makes sense as GET will display password in url) but I'm not sure if your form uses POST or GET for the method.

PS I think that the setting you're looking for is register_globals in php.ini. The default value has changed somewhere along the line for security reasons (see http://www.php.net/register_globals )

penguintutor 06-13-2006 03:56 AM
If this is PHP it does sound like it's the register_globals setting which has changed as a result of PHP being upgraded.

In earlier versions of PHP, or with register_globals set then you could just refer to a variable passed using a get or post using the parameter as a variable name. So you could just refer to $username and as long as that was in the get/post it would work.

The problem with this is that if you didn't declare a variable properly then any variable could be passed on the URL with potentially disastrous results.

It is therefore strongly advised that you do NOT change the register_globals setting, but instead update your php to explicitly load any variables.

The simplist way of retrieving this is using the $_GET and $_POST variables.

If using a get (ie. variables are passed on the url) then you would use:
$username = $_GET[username];

if using post (method=post in the forum) then it would be
$username = $_POST[username];

You should of course still check that the data entered is valid, before you make use of it. I usually use a regexp to ensure that the variable only contains alphanumeric characters, so that no programming / SQL syntax can be inserted into the field.

swmok 06-15-2006 12:41 AM
Hi All:
Thanks all you guys.
I fixed the problem. Yes, it is the global variable problems is PHP.
Thanks again.


All times are GMT -5. The time now is 05:04 PM.