Page 1 of 1
random requirement for using $_GET
Posted: Mon Dec 17, 2007 9:28 pm
by paqman
I've been creating php websites for a few years now and I've encountered the same problem a number of times now. After a website is finished, and has been working perfectly for a while (one was an entire year) suddenly the script starts to act weird. If I called $variable in the script, assuming it was from $_GET['variable'] and did not declare $variable = $_GET['variable'] then $variable returns blank, no matter what. I know it's good practice to always declare $_GET variables, but why is it randomly suddenly becoming a problem?
I'm asking this because one directory of my website suddenly has this problem (I've fixed a few sites I've made on other servers) while all other folders outside of it are still okay. Any ideas?
Posted: Mon Dec 17, 2007 10:38 pm
by John Cartwright
Sounds like your webhost changed the php.ini configuration setting "register global". You should also code with it off (which forces you to use $_GET, $_POST, e.g. superglobals) instead of having them dynamically injected into your script (i.e. register globals on).
As for it only being affected within particular directories, it sounds as if you have changed the register global setting using an .htaccess file, which can affect settings on a per directory basis.
Re: random requirement for using $_GET
Posted: Sun Jan 13, 2008 2:31 pm
by jimthunderbird
Use .htaccess to manually turn off register global.
http://www.php.net/manual/en/security.globals.php#42516
From day one when I start doing php, I've always used $_GET and $_POST instead of refering the variable directly in the code even though I know sometime I can do it that way with register_global turn on. I think using $_GET and $_POST makes more sense and create less confusion also.
Re: random requirement for using $_GET
Posted: Sun Jan 13, 2008 2:35 pm
by John Cartwright
Didn't realize this was in the Testing board.
Moved to PHP-Code.
Re: random requirement for using $_GET
Posted: Sun Jan 13, 2008 9:20 pm
by Ambush Commander
In case this hasn't been made clear above, STOP USING REGISTER GLOBALS. They are a bit of syntactic sugar, and you seem to know what you're doing with them, but many other developers don't and this results in lots of vulnerabilities.