PHP Script argument passing error...

lokee · 04-22-2003, 03:38 PM

Hi,
Currently, I have httpd 2.0.40 running with the imap, perl, ssl, mysql, ldap modules installed.

Here's my problem: I can't pass arguments to my php scripts...
Imagine I had a script named test.php containing:
<?php echo"$y" ?>
When I try to pass argument y from the browser(test.php?y=gsd) nothing gets printed!

Is this a normal behavior? I mean that this isn't supported on my version or that I need a special module or something...

Thanks in Advance,
Best regards,

netdur · 04-22-2003, 04:18 PM

look at php.ini and change this line:
"register_globals = Off" to "register_globals = On"
but that can be bad idea... for multi-reasons, so do not set it "On" and if you want get variables from url you must write (as your example):

PHP Code:



<?Php 
print $_GET['y']; 
?>

so if you want get variables from URL use $_GET['var'] and from form $_POST['var'] and cookie $_COOKIE['var'] and server as $PHP_SELF must be $_SERVER['$PHP_SELF'].
there more as $_SESSION, $_REQUEST, $_ENV, $_FILES and $GLOBALS... just check http://php.net/variables

lokee · 04-23-2003, 11:19 AM

Thanks it works fine now!

In php.ini it says that it's insecure... But every Webpage provider I know has this feature on.
Is it really inscure, if so, Why?

netdur · 04-23-2003, 02:32 PM

This is stupid example but can explain,

PHP Code:



<?Php 
if ($stored_password == $_POST['password']) 
{ 
    $login = true; 
} 
else 
{ 
    $login = false; 
} 
if ($login == true) 
{ 
    mysql_query('DROP DATABASE mysql'); 
} 
?>

code above... need password to remove database, if register_globals is on, you can just write on browser "page.php?login=true" to remove database without password needed...

Proud · 04-23-2003, 02:36 PM

Newbie thought: Have vital things like login as local/private/non-global variables.

lokee · 04-24-2003, 09:42 AM

I tought of a similar thing at first but that won't work since $stored_password won't be equal to $_GET['y'], thus login will be set to false in all cases.