Page 1 of 1
setting register_globals as Off
Posted: Sat Nov 11, 2006 11:06 pm
by lmh85
currently, my setting for register_globals is On. I try setting it to Off via php.ini
but when i clicked on a button, it turns out to be a forbidden page!
saying i'm not authorised to perform a POST method.
i'm currently on php 5.1.4.
Is there any way i can set my register_globals as Off? i need to set it off because my web hosting company is setting it as off
Thanks in advance for any help!
Posted: Sat Nov 11, 2006 11:11 pm
by feyd
I'm having trouble understanding the connection between editing your php.ini and clicking a button. Can you explain what you're doing in more detail?
Posted: Sat Nov 11, 2006 11:20 pm
by lmh85
currently,
my register_globals in my php.ini is On. I tried setting it as Off and tried using my webpage. I tried clicking my button which will validates some inputs and do some stuffs. It is able to do so when my register_global is set as On. But when my register_globals is set as Off. It gives me the following error:
Forbidden
You don't have permission to access /method="post" on this server.
--------------------------------------------------------------------------------
Apache/2.0.54 (Win32) PHP/5.1.4 Server at localhost Port 80
i was trying to execute the following code..
Code: Select all
if(isset($_POST['btnSubmit'])){
if($_POST['txtComments']==""){
$comments="Please tell us what u think.";
}elseif($_POST['txtEmail']==""){
$comments="Your Email please!";
}elseif($_POST['txtName']==""){
$comments="Your Name please!";
}else{
error_reporting(0);
if(mail($sendTo,$subject,$bodyText,"From: <email>")){
$comments="Thank you for your feedback! We are looking into it now!";
}else{
$comments="So sorry! there's something wrong with this page! Please email your feedback to email.Thank you!";
}
}
}
Posted: Sat Nov 11, 2006 11:34 pm
by feyd
By chance, is your form using $PHP_SELF?
Posted: Sat Nov 11, 2006 11:38 pm
by lmh85
yes. is that a problem?
Posted: Sat Nov 11, 2006 11:44 pm
by John Cartwright
$PHP_SELF will only work with register globals set to ON,
$_SERVER['PHP_SELF'] is what you are looking for, although you shouldn't neccesarily use this as malicious may use this for XSS injection. Is it possible you just hardcore your action?
Posted: Sat Nov 11, 2006 11:50 pm
by lmh85
yes! thanks! it solve my problem!! Thank you both of you!