passing variables in url on Localhost

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
robertwatcher
Forum Newbie
Posts: 4
Joined: Sun Aug 31, 2003 1:24 am
Location: Ontario Canada

passing variables in url on Localhost

Post by robertwatcher »

I have just downloaded Apache and PHP to my Windows 2000 computer to run as localhost so I can develop php pages and test them before placing the pages on my hosted website.

The problem I am having is that all my webpages rewrite themselves ($PHP_SELF?plhld=$tmp) and pass on variables in the URL. This works perfectly fine (the variables change the content of the page) on my website but the same pages do not work at all on my home computer (the new page does not recognize the passed variable).

Is there a setting I have to change in an init file??? Or is there something different with the settup on a home computer and the web?
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

register_globals are by default turned off in todays PHP versions. Perhaps your webhost still has it enabled?

Are you using $_GET['plhld'] or $plhld in your script when you are getting the values? If it's the later one, you might want to read up on the last link in my signature.
robertwatcher
Forum Newbie
Posts: 4
Joined: Sun Aug 31, 2003 1:24 am
Location: Ontario Canada

Post by robertwatcher »

I am just calling the variable $plhld. So is there a way I can turn the registered variables on, on my Localhost setup - being I have so much code written without the GET[] and POST[] stuff?
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Search for register_globals in your php.ini file.

Tho, you should not. Using $_GET/$_POST makes it work no matter what the state of register_globals are. (Besides from all other benefits, security especially)

It might be hard work, but you'll gain from it. =/
robertwatcher
Forum Newbie
Posts: 4
Joined: Sun Aug 31, 2003 1:24 am
Location: Ontario Canada

Post by robertwatcher »

Thanks Jam - you're right, I should rewrite the code so it will work if I change servers or use pieces of code for other sites. - so it's as universal as possible - also I never realized there was a security issue involved.

Appreciate the help.
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

robertwatcher wrote:...also I never realized there was a security issue involved.
Yes, that is probably the most vital issue of changing it.

Personally I also think that _POST and _GEt makes it easier for the eye when browsing the code, as they are so much self explainatory just by looking at them.

Happy rewriting. :D
robertwatcher
Forum Newbie
Posts: 4
Joined: Sun Aug 31, 2003 1:24 am
Location: Ontario Canada

Post by robertwatcher »

It was much easier than I had anticipated. Thank goodness that I wrote most of my website code in modules that are "included" into the pages.

All my pages use the same include for passing and which sends the variable with the URL and reads it back at the top of the page when the page is rewritten to itself, so I only had to add - $plhld = $_GET['plhld']; - to the top of this one included module, and my whole site works properly on my computer (Localhost).

Thanks again for recommending I make the change!!!
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

robertwatcher wrote:I am just calling the variable $plhld. So is there a way I can turn the registered variables on, on my Localhost setup - being I have so much code written without the GET[] and POST[] stuff?
while it's possible and poeople have told you how, before you do you should fo search for register_globals on http://www.php.net


you'll see it's turned off by default as a securit precaution. what you've done is the same as $var=$_REQUEST['variable'];

imagine for a second that the order of your request string is SCSPG and i know your calls and displays a file via a variable $page in a hidden post element.

if i call the page with ?page=/etc/skel

i will see your skel file now. i'll see stuff i should never see
Post Reply