On Monday 22 April 2002 09:50 am, you wrote:
> On Friday, April 19, 2002, at 09:41 PM, Andre Dubuc wrote:
> > Is there a way I can verify that (a) globals are off and (b) $_SESSION
> > or
> > $_POST are on? This probably what's happening -- I can't access the
> > arrays at
> > all -- so, I think that might be where the problem lies. The $vars
> > still work
> > though throughout all scripts.
>
> $_SESSION and $_POST and other superglobals are already on all the time
> if you use PHP 4.1.x or later.
>
> Verify that globals are off by writing a script that checks the for the
> presence or the value of $variable and then pass "variable=1" or
> something on the querystring in your browser.
>
>
> Erik
>>
> ----
>
> Erik Price
> Web Developer Temp
> Media Lab, H.H. Brown
> [EMAIL PROTECTED]
Thanks Eric,
Sorry about the delay in replying. I was at a funeral today.
I tried what you suggested, and indeed globals are off. Perhaps my problem
stems from my use of the $_GET[] with $vars. I guess I don't really
understand what I'm doing. If you would take a peek at this code [I think
I've introduced a security hole, and I'm mixing up things]:
On page 1:
<?php session_start(); ob_start(); ?>
// ob_start(); so I can have html headers on this page & redirect later
// some other code
<form action="page2.php" method="get">
<?php
// The following line is where I think I've caused myself grief.
<input type=text size=20 name=bozo>
// many other lines of code
<input type=submit name=submit value="Agree">
?>
On page 2:
<?php session_start(); ob_start(); ?>
// ob_start(); so I can have html headers on this page & redirect later
// some other code
<form action="page3php" method="get">
<?php
$bozo = $_GET['bozo'];
/* Now is this correct? Am I exposing 'bozo' to a security hole? For the
rest of the script, with each $_GET['var'] from the previous page I do the
same. Somehow, I don't think I've grasped what to do with $vars. From my
reading elsewhere, should I, for example, in page 1 use something like
:
<input type=text size=20 name="<?php echo $_SESSION['bozo'] ?>">
Once I figure out how I'm supposed to write the variables in the scripts,
I'll be OK. But I'm so CONFUSED! */
if ($bozo == "") die ("Please enter your 'First Name'. <br><br> Click
'Back" in your browser to enter this information.");
// new input variable unique to page 2
<input type=text size=20 name=dodo>
// other code: including an "if $level" statement that checks for level of
registration and redirects, using header("location . . .")
session_write_close(); // to allow the header through
header("location:page 3.php");
?>
On page 3:
<?session_start(); ob_start(); ?>
<?php
/* This page is actually a confirmation page, I've tried to collect the info
from page 1 ($bozo) and page 2 ($dodo) and print them to screen as in */
$bozo = $_GET['bozo'];
$dodo = $_GET['dodo'];
print $bozo $dodo;
/* I've also tried $_SESSION['bozo'], $_GET['bozo'], left out the
'$bozo = $_GET['bozo']' etc, etc, etc. -- I don't know what I'm doing
here!! Help! ! */
?>
{Btw, I've used "bozo" and "dodo" since it's easier to spot the diffference
than what I actually use for the field :>]
Tia,
Andre
--
Please pray the Holy Rosary to end the holocaust of abortion.
Remember in your prayers the Holy Souls in Purgatory.
May God bless you abundantly in His love!
For a free Cenacle Scriptural Rosary Booklet: http://www.webhart.net/csrb/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
