Page 1 of 1

setting register_globals as Off

Posted: Sat Nov 11, 2006 11:06 pm
by lmh85
currently, my setting for register_globals is On. I try setting it to Off via php.ini
but when i clicked on a button, it turns out to be a forbidden page!
saying i'm not authorised to perform a POST method.
i'm currently on php 5.1.4.
Is there any way i can set my register_globals as Off? i need to set it off because my web hosting company is setting it as off
Thanks in advance for any help!

Posted: Sat Nov 11, 2006 11:11 pm
by feyd
I'm having trouble understanding the connection between editing your php.ini and clicking a button. Can you explain what you're doing in more detail?

Posted: Sat Nov 11, 2006 11:20 pm
by lmh85
currently,
my register_globals in my php.ini is On. I tried setting it as Off and tried using my webpage. I tried clicking my button which will validates some inputs and do some stuffs. It is able to do so when my register_global is set as On. But when my register_globals is set as Off. It gives me the following error:

Forbidden
You don't have permission to access /method="post" on this server.
--------------------------------------------------------------------------------
Apache/2.0.54 (Win32) PHP/5.1.4 Server at localhost Port 80


i was trying to execute the following code..

Code: Select all

if(isset($_POST['btnSubmit'])){
	if($_POST['txtComments']==""){
		$comments="Please tell us what u think.";
	}elseif($_POST['txtEmail']==""){
		$comments="Your Email please!";
	}elseif($_POST['txtName']==""){
		$comments="Your Name please!";
	}else{
		error_reporting(0);
		if(mail($sendTo,$subject,$bodyText,"From: <email>")){
		$comments="Thank you for your feedback! We are looking into it now!";
		}else{
		$comments="So sorry! there's something wrong with this page! Please email your feedback to email.Thank you!";
		}
	}
}

Posted: Sat Nov 11, 2006 11:34 pm
by feyd
By chance, is your form using $PHP_SELF?

Posted: Sat Nov 11, 2006 11:38 pm
by lmh85
yes. is that a problem?

Posted: Sat Nov 11, 2006 11:44 pm
by John Cartwright
$PHP_SELF will only work with register globals set to ON,

$_SERVER['PHP_SELF'] is what you are looking for, although you shouldn't neccesarily use this as malicious may use this for XSS injection. Is it possible you just hardcore your action?

Posted: Sat Nov 11, 2006 11:50 pm
by lmh85
yes! thanks! it solve my problem!! Thank you both of you!