very strange to me anyone know why this happend?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ianhull
Forum Contributor
Posts: 310
Joined: Tue Jun 14, 2005 10:04 am
Location: Hull England UK

very strange to me anyone know why this happend?

Post by ianhull »

I have just setup a new server IIS6, PHP5x MySQL5.20,

I have posted some data to a php update script

Code: Select all

<?php session_start();

if (empty($_SESSION['myuser_name'])){
echo '<meta http-equiv="refresh" content="0;URL=../index.php" />';
exit();
}

include_once("../includes/connection.php");

$updateProfile = mysql_query("UPDATE users SET email = '$email', live_id = '$live_id', telephone_1 = '$telephone_1', telephone_2 = '$telephone_1', mobile_1 = '$mobile_1',  mobile_2 = '$mobile_2', pager = '$pager'") or die(mysql_error());

?>
But I have not setup variables to retrieve the data like

Code: Select all

$email = $_POST['email'];
but yet my records were updated.

Anyone know why this has happend?

Is it some server settings?

Thanks
User avatar
dibyendrah
Forum Contributor
Posts: 491
Joined: Wed Oct 19, 2005 5:14 am
Location: Nepal
Contact:

Post by dibyendrah »

It seems that register global is on.
Edit your php.ini and set

Code: Select all

register_globals = off
And restart the web server to see the effect.

Hope that works.
ianhull
Forum Contributor
Posts: 310
Joined: Tue Jun 14, 2005 10:04 am
Location: Hull England UK

Post by ianhull »

Thanks for that,

One other thing, does it matter if register globals is on?

Does this allow me to post data like this without using the request from post?

any known issue with posting data like this?

Thanks
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The mere fact that it can be turned off would suggest you shouldn't rely on it being on. Secondly, it defaults to off in later versions of PHP. Third, PHP 6 marks the removal of it all together if memory serves.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

ianhull wrote:any known issue with posting data like this?
Security issues with poorly written scripts, or scripts that are not well thought of.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
dibyendrah
Forum Contributor
Posts: 491
Joined: Wed Oct 19, 2005 5:14 am
Location: Nepal
Contact:

Post by dibyendrah »

ianhull wrote:Thanks for that,

One other thing, does it matter if register globals is on?

Does this allow me to post data like this without using the request from post?

any known issue with posting data like this?

Thanks
It might be but looking at your code that might have happened because you're not taking POST, GET but it's taking some other global values. So, try with setting register_global off.
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

As a side note, it's more reliable to use

Code: Select all

header("Location: foobar.php");
instead of a meta redirect tag.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

aaronhall wrote:As a side note, it's more reliable to use

Code: Select all

header("Location: foobar.php");
instead of a meta redirect tag.
Just remember to use a full URL. ;)
User avatar
dibyendrah
Forum Contributor
Posts: 491
Joined: Wed Oct 19, 2005 5:14 am
Location: Nepal
Contact:

Post by dibyendrah »

feyd wrote:
aaronhall wrote:As a side note, it's more reliable to use

Code: Select all

header("Location: foobar.php");
instead of a meta redirect tag.
Just remember to use a full URL. ;)
If the path is relative, do we need to give full URL ?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Always. 100% of the time if you want to conform the the HTTP specification.
Post Reply