Re: RH8, apache 2, php 4.2.2 problems

Thu, 05 Dec 2002 20:01:48 -0800


After 2 hours of messing with it, and about 10 minutes after I posted to this list I figured that out :)
Thanks!
How is having register_globals off better for security? Do you know the specifics of why they recommend that? I am doing it with register_globals off, but typing $_POST everywhere that used to just be $var is annoying.
I don't really want to redue all my scripts for no reason if this doesn't really improve security.
Tom



From: Brian Ashe <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: Christensen Tom <[EMAIL PROTECTED]>
Subject: Re: RH8, apache 2, php 4.2.2 problems
Date: Thu, 5 Dec 2002 21:19:40 -0500

Hello Christensen,

Thursday, December 5, 2002, 8:32:00 PM, you textually orated:


CT> OK,
CT> I know the transition form apache 1.x to 2 isn't supposed to be easy...
CT> but, here's the deal.
CT> I am setting up a new website, apache 2, redhat 8, php 4.2.2 (default redhat
CT> 8 install).

CT> I can't get html forms to pass their variables successfully to my php
CT> scripts.
CT> I create a simple form ie
CT> <form name="test" method="post" action="test.php">
CT> <input type="text" name="firstname">
CT> <input type=submit name="submit">

CT> and then my php script:

CT> <?
CT> print $firstname;
CT> print "firstname";
?>>

CT> the results of this are that it prints "firstname" (without the quotes) but
CT> it never prints the string supplied in the form.
CT> suggestions?

PHP 4.2.x and up are all installed with register_globals = off in the
php.ini file.

Some people believe that this is a security improvement. I'll leave that to
your own discretion.

You have two choices...

1. Use $_POST[firstname] (or it's friends $_GET, $_COOKIE, etc.)

2. Turn on register_globals in your php.ini file.

Have fun,
--
_________________________________________________________________
Brian Ashe CTO
[EMAIL PROTECTED] Dee-Web Software Services, LLC.
http://www.dee-web.com/
-----------------------------------------------------------------



--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail



--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Reply via email to