Page 1 of 1
Passing Variables w/ PHP 5.1.5
Posted: Tue Aug 22, 2006 12:45 pm
by ibanez270dx
Hi,
I have a portion of code in my PHP program that works on my personal server, but not on the freshly installed server here at work... Originally, my server had PHP version 4.3.11, whereas my new server has PHP 5.1.5. Here is the problem... This snippet of code no longer can pass the variables to the next page:
Code: Select all
<a href="export.php?w=1&month=<? echo $today_month; ?>&year=<? echo $today_year; ?>&listorder=<? echo $listorder; ?>&filename=<? echo $thefilename; ?>" name="2excel" class="print" target="_blank"><img src="images/excel.gif" border="0"> <b>Export to Excel</b></a>
However, when I use sessions, it works. I don't know what could be wrong... I'm thinking it has to do with configuration settings somehow, but I don't know what...
Thanks,
- Jeff
Posted: Tue Aug 22, 2006 1:01 pm
by feyd
I would guess short tags are off ("A good thing.")
<? to <?php
Posted: Tue Aug 22, 2006 1:19 pm
by ibanez270dx
nah, I used <?php ... but I found out what was wrong - register_globals was turned off, so I had to switch it on in php.ini
Posted: Tue Aug 22, 2006 1:22 pm
by feyd
Do not turn them on. Bad, bad, bad monkey.
I'm serious though, don't have them on. Code properly by using $_GET, $_POST, $_COOKIE, $_SESSION and $_SERVER. Do not use $_REQUEST unless you know
exactly what you're doing. Both register_globals and short_tags are being removed from PHP shortly. I don't want to see hundreds, although I know I will, of threads on "my code doesn't work anymore" when that happens.
Posted: Tue Aug 22, 2006 2:09 pm
by ibanez270dx
Thanks for the heads up!
Posted: Tue Aug 22, 2006 3:30 pm
by Ollie Saunders
Do not use $_REQUEST unless you know exactly what you're doing.
This makes me think. What would be a legitmate use for $_REQUEST?
Posted: Tue Aug 22, 2006 3:53 pm
by feyd
ole wrote:This makes me think. What would be a legitmate use for $_REQUEST?
The only time I can safely say it's "okay" to use is when you peek at the ini setting that controls it and the setting matches what you're looking for. Remember that the order in which the letters appear alters which super global goes first and so forth.
http://php.net/ini.core#ini.variables-order
Posted: Tue Aug 22, 2006 5:01 pm
by volka
What's so bad about _REQUEST? Isn't user input considered unsecure/harmful until proven otherwise -regardless of the method?
Posted: Tue Aug 22, 2006 5:28 pm
by feyd
volka wrote:What's so bad about _REQUEST? Isn't user input considered unsecure/harmful until proven otherwise -regardless of the method?
True, it is, but using it can cause some phantom errors or other potentially unexpected results.
For example, if your local server runs with GP while your host runs PG and you aren't checking, you could accidentally use the wrong data. As long as proper checks are done, you should, overall, be fine.
Posted: Tue Aug 22, 2006 6:18 pm
by volka
if two parameters with the same name do different things depending on wether they are sent via get or post in the same request imho the application has a bigger problem than the use of _REQUEST.
Posted: Tue Aug 22, 2006 6:20 pm
by feyd
volka wrote:if two parameters with the same name do different things depending on wether they are sent via get or post in the same request imho the application has a bigger problem than the use of _REQUEST.
Quite true, but that's a different story.
