Page 1 of 1
Quick question about "doc=" in a PHP page's URL
Posted: Sun Jun 05, 2005 7:12 am
by dvergatal
Hallo. I'm currently coding a simple PHP site where index.php calls .doc files to fill its contents. i.e. In the links page would be index.php?doc=links which would be calling links.doc from the docs folder and displaying its contents. Now I know that all my syntax is correct and this should be working 100%. But when I have doc=something in my URL it just displays index.php and not the doc.
I'm running it on a test Apache server with PHP Mod installed and working (tested it with a simple php echo). For some reason though when a variable is declared in the URL it isn't seeing it. As I tried putting <? echo $doc ?> in index.php and did index.php?doc=something and got no return for that echo.
Anyone had this or similar before or know what may be causing it?
Posted: Sun Jun 05, 2005 7:13 am
by Revan
Super globals may be off, and if they're not, I highly recommend you don't use them.
Posted: Sun Jun 05, 2005 7:23 am
by timvw
Congratulations, you've asked the most asked question since December 2001.
Posted: Sun Jun 05, 2005 7:59 am
by dvergatal
Do you mean global variables? Because i've already correct that accordingly.
Re: Quick question about "doc=" in a PHP page's UR
Posted: Sun Jun 05, 2005 9:33 am
by RobertGonzalez
dvergatal wrote:Hallo. I'm currently coding a simple PHP site where index.php calls .doc files to fill its contents. i.e. In the links page would be index.php?doc=links which would be calling links.doc from the docs folder and displaying its contents. Now I know that all my syntax is correct and this should be working 100%. But when I have doc=something in my URL it just displays index.php and not the doc.
I'm running it on a test Apache server with PHP Mod installed and working (tested it with a simple php echo). For some reason though when a variable is declared in the URL it isn't seeing it. As I tried putting <? echo $doc ?> in index.php and did index.php?doc=something and got no return for that echo.
Anyone had this or similar before or know what may be causing it?
Post your code. Are you using the $_GET or $_REQUEST syntax for your query_string vars? Give more info please.
Posted: Sun Jun 05, 2005 11:19 am
by dvergatal
Code: Select all
<? if (! $doc) { ?>
Something here..
<? } else {
include('docs/'.$doc.'.doc');
}
?>
The above code is in index.php and in the same folder as index.php is a folder called "docs" in which there is an "articleadd.doc" file containing some HTML/More PHP.
So
http://localhost/index.php opens up index.php with the text "Something here.." in it.
And
http://localhost/index.php?doc=articleadd should replace "Something here.." with the contents of docs/articleadd.doc
But it doesn't detect the variable.
The code and structure im using for this site is copied and pasted from another site I did hosted elsewhere that functions 100% correctly. I'm pretty certain it's something to do with php.ini. I've tried adjusting the global variables setting in the many ways many websites have suggested and to no avail.
Posted: Sun Jun 05, 2005 12:00 pm
by shiznatix
Posted: Sun Jun 05, 2005 12:04 pm
by Roja
Surely you meant

Posted: Sun Jun 05, 2005 12:12 pm
by shiznatix
depends on if you are using error_reportion(E_ALL) or not, i use Edit Plus and its much easier to read if you dont use the ' but thats really a bad habit that i am trying to get out of
Posted: Sun Jun 05, 2005 12:15 pm
by Roja
shiznatix wrote:depends on if you are using error_reportion(E_ALL) or not, i use Edit Plus and its much easier to read if you dont use the ' but thats really a bad habit that i am trying to get out of
No, it doesn't depend on it. Its a warning - its a coding style that has been depreciated and may one day not work. Whether you choose to SEE and ADMIT that you are using depreciated code is dependent on you setting the error reporting to ignore that important fact.
Notably, the fact that the original poster seems to be suffering from a global_register issue in the first place suggests we should encourage *correct* code, not code that might not work in a couple months. Talk about a perfect example.
Posted: Sun Jun 05, 2005 12:34 pm
by shiznatix
suicide is my only option i guess OR i will continue to break my "addiction" to bad coding practices... o snap im overdosing again

Posted: Sun Jun 05, 2005 12:37 pm
by Roja
shiznatix wrote:suicide is my only option i guess OR i will continue to break my "addiction" to bad coding practices... o snap im overdosing again


Oh, everyone has their own bad coding practices.
Me, I don't comment enough. Like, less than 1:100 ratio of comments to code.
Then again, McGruff has a 1,000 line MVC, true OOP version of "Hello, World".
Don't let him tell you otherwise - I've seen the unit tests. All 50 of them.
Posted: Sun Jun 05, 2005 5:05 pm
by RobertGonzalez
dvergatal wrote:Code: Select all
<? if (! $doc) { ?>
Something here..
<? } else {
include('docs/'.$doc.'.doc');
}
?>
The above code is in index.php and in the same folder as index.php is a folder called "docs" in which there is an "articleadd.doc" file containing some HTML/More PHP.
So
http://localhost/index.php opens up index.php with the text "Something here.." in it.
And
http://localhost/index.php?doc=articleadd should replace "Something here.." with the contents of docs/articleadd.doc
But it doesn't detect the variable.
The code and structure im using for this site is copied and pasted from another site I did hosted elsewhere that functions 100% correctly. I'm pretty certain it's something to do with php.ini. I've tried adjusting the global variables setting in the many ways many websites have suggested and to no avail.
One quick suggestion... don't rely on register_globals. If it is on, turn it off. Always code as though there were no register_globals. That being said, change your code to something like this...
Code: Select all
<?
// This would also be a great place for some validation
$doc = $_GET["doc"];
if ( !isset($doc) ) { ?>
Something here..
<? } else {
include('docs/'.$doc.'.doc');
}
?>
Posted: Mon Jun 06, 2005 4:55 am
by JAM
Everah wrote:One quick suggestion... don't rely on register_globals. If it is on, turn it off. Always code as though there were no register_globals. That being said, change your code to something like this...
Code: Select all
<?php // Note 1
if (empty($_GET['doc'])) { // Note 2
?>
Something here..
<?php
} else {
// Note 3
include('docs/'.$_GET['doc'].'.doc');
}
?>
I agree with the usage of register_globals. Main reason, appart from security, is that it makes you code 'better'. But if code should be better, don't use the short-tag version (Note 1) of <?php. Not all servers support that.
Note 2; $doc = $_GET["doc"]; in the above example will throw an 'Undefined index error' without verifying it actually exists.
Note 3; ...and even if it exists, there is a need for verifying that the $_GET['doc'].'.doc' file actually
exists before including it.
Just my $.02
Posted: Mon Jun 06, 2005 8:12 am
by RobertGonzalez
JAM wrote:Everah wrote:One quick suggestion... don't rely on register_globals. If it is on, turn it off. Always code as though there were no register_globals. That being said, change your code to something like this...
Code: Select all
<?php // Note 1
if (empty($_GET['doc'])) { // Note 2
?>
Something here..
<?php
} else {
// Note 3
include('docs/'.$_GET['doc'].'.doc');
}
?>
I agree with the usage of register_globals. Main reason, appart from security, is that it makes you code 'better'. But if code should be better, don't use the short-tag version (Note 1) of <?php. Not all servers support that.
Note 2; $doc = $_GET["doc"]; in the above example will throw an 'Undefined index error' without verifying it actually exists.
Note 3; ...and even if it exists, there is a need for verifying that the $_GET['doc'].'.doc' file actually
exists before including it.
Just my $.02
Nice catch Jam. I was so focused on using the $_GET notation that I threw all other standards out the window. I agree with you completely.
In the step where I set $doc = $_GET["doc"], what if the developer was to write a validation function that checks the value of $_GET["doc"] to make sure that a) the var is not empty and b) the file exists on the server. If it passes, it returns the filename else it will return false. Then, without messing with the rest of the code that has been written, the developer can set $doc equal to the returned value of the function and run the rest of the script the way it is. What do you think?
Code: Select all
<?php
$doc = validate_included_file($_GET["doc"]);
//After validating, run the script
if (! $doc) { ?>
Something here..
<?php } else {
include('docs/'.$doc.'.doc');
}?>