setting register_globals as Off

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
lmh85
Forum Commoner
Posts: 49
Joined: Sat Oct 28, 2006 10:49 am

setting register_globals as Off

Post by lmh85 »

currently, my setting for register_globals is On. I try setting it to Off via php.ini
but when i clicked on a button, it turns out to be a forbidden page!
saying i'm not authorised to perform a POST method.
i'm currently on php 5.1.4.
Is there any way i can set my register_globals as Off? i need to set it off because my web hosting company is setting it as off
Thanks in advance for any help!
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I'm having trouble understanding the connection between editing your php.ini and clicking a button. Can you explain what you're doing in more detail?
lmh85
Forum Commoner
Posts: 49
Joined: Sat Oct 28, 2006 10:49 am

Post by lmh85 »

currently,
my register_globals in my php.ini is On. I tried setting it as Off and tried using my webpage. I tried clicking my button which will validates some inputs and do some stuffs. It is able to do so when my register_global is set as On. But when my register_globals is set as Off. It gives me the following error:

Forbidden
You don't have permission to access /method="post" on this server.
--------------------------------------------------------------------------------
Apache/2.0.54 (Win32) PHP/5.1.4 Server at localhost Port 80


i was trying to execute the following code..

Code: Select all

if(isset($_POST['btnSubmit'])){
	if($_POST['txtComments']==""){
		$comments="Please tell us what u think.";
	}elseif($_POST['txtEmail']==""){
		$comments="Your Email please!";
	}elseif($_POST['txtName']==""){
		$comments="Your Name please!";
	}else{
		error_reporting(0);
		if(mail($sendTo,$subject,$bodyText,"From: <email>")){
		$comments="Thank you for your feedback! We are looking into it now!";
		}else{
		$comments="So sorry! there's something wrong with this page! Please email your feedback to email.Thank you!";
		}
	}
}
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

By chance, is your form using $PHP_SELF?
lmh85
Forum Commoner
Posts: 49
Joined: Sat Oct 28, 2006 10:49 am

Post by lmh85 »

yes. is that a problem?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

$PHP_SELF will only work with register globals set to ON,

$_SERVER['PHP_SELF'] is what you are looking for, although you shouldn't neccesarily use this as malicious may use this for XSS injection. Is it possible you just hardcore your action?
lmh85
Forum Commoner
Posts: 49
Joined: Sat Oct 28, 2006 10:49 am

Post by lmh85 »

yes! thanks! it solve my problem!! Thank you both of you!
Post Reply