Page 1 of 1

POST Qustion

Posted: Tue Feb 28, 2006 4:40 pm
by zolo44
Ok, this may be a newbie question but it's giving me a headache and frankly i'm too tired to think now.

I have a site that I took over due to the server crashing. Now that problem is that the old server was running php 4.0.

Now this new one is running the latest version... Now, I know there is going to be problems with it and that's fine, but what i didn't expect is that the $_POST superglobal not working.

My question to you fellas is;

Is there something that I need to enable the $_POST and $_GET superglobals? Something on apache2? or perhaps on the php.ini? Or is that something that is automatically enabled?

This is part of the phpinfo():

Configure Command './configure' '--with-mysql' '--with-apxs2=/usr/bin/apxs2'

Any responses will be appreciated.

Posted: Tue Feb 28, 2006 4:49 pm
by feyd
By latest version, which version are you taking about?

Posted: Tue Feb 28, 2006 4:58 pm
by zolo44
PHP Version 5.0.5

Posted: Tue Feb 28, 2006 5:29 pm
by a94060
i dont think that anything will need to be enabled.


in order to get the values,you should just be able to use

Code: Select all

var=$_POST['fieldname'];
change the filed name to the value that you want to pass on.

Posted: Tue Feb 28, 2006 5:36 pm
by zolo44
Unfortunately that doesn't work since there is nothing in the $_POST array. Im wondering if I need to have register_globals on?

Posted: Tue Feb 28, 2006 5:47 pm
by a94060
i think that might be a good idea. gogole the register_globals(that might be the case because i got really frustraed when i was coding my first couple of forms and entering data into a database.

Posted: Tue Feb 28, 2006 5:55 pm
by John Cartwright
I'm pretty much boggled as to why $_POST is not registering..

The only thing I can think of is

Code: Select all

; Maximum size of POST data that PHP will accept.
post_max_size = 8M
is set to 0 ? Though that is highly unlikely.

Even still, if the problem persists, try re-installing php with the ACTUAL latest version 5.1.2 (found at http://ca.php.net/downloads.php)

Also are you positive your form action is set to POST?
i think that might be a good idea. gogole the register_globals(that might be the case because i got really frustraed when i was coding my first couple of forms and entering data into a database.
For the love of PHP God, please do not ever enable register_globals, considering it is a massive security risk. I'm sure if you did google it, you'd find many many many rescources explainining why it is evil.

Posted: Tue Feb 28, 2006 5:56 pm
by a94060
thank god a mod kicked in...i would have screwed you up...good info for me also.



EDIT-here,i find it
Perhaps the most controversial change in PHP is when the default value for the PHP directive register_globals went from ON to OFF in PHP 4.2.0. Reliance on this directive was quite common and many people didn't even know it existed and assumed it's just how PHP works. This page will explain how one can write insecure code with this directive but keep in mind that the directive itself isn't insecure but rather it's the misuse of it.

When on, register_globals will inject your scripts with all sorts of variables, like request variables from HTML forms. This coupled with the fact that PHP doesn't require variable initialization means writing insecure code is that much easier. It was a difficult decision, but the PHP community decided to disable this directive by default. When on, people use variables yet really don't know for sure where they come from and can only assume. Internal variables that are defined in the script itself get mixed up with request data sent by users and disabling register_globals changes this. Let's demonstrate with an example misuse of register_globals:

Example 29-1. Example misuse with register_globals = on
<?php
// define $authorized = true only if user is authenticated
if (authenticated_user()) {
$authorized = true;
}

// Because we didn't first initialize $authorized as false, this might be
// defined through register_globals, like from GET auth.php?authorized=1
// So, anyone can be seen as authenticated!
if ($authorized) {
include "/highly/sensitive/data.php";
}
?>

When register_globals = on, our logic above may be compromised. When off, $authorized can't be set via request so it'll be fine, although it really is generally a good programming practice to initialize variables first. For example, in our example above we might have first done $authorized = false. Doing this first means our above code would work with register_globals on or off as users by default would be unauthorized.

Posted: Wed Mar 01, 2006 5:33 pm
by zolo44
Hmm, very strange...

guess what, i enable globals and $_POST works. damn, not only that but the whole site is using it.

I guess it's re-write time.

Thanks for your guy's help.

Posted: Wed Mar 01, 2006 6:43 pm
by a94060
its funny huh? that exactly what i said....its pretty cool?i enabled it and it worked. i will be configuring a new server(linux) so i will have to make sure that works.