Basic Question, sorry . . . Having to use $_get to get vars

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
2clicks
Forum Newbie
Posts: 1
Joined: Thu Feb 24, 2011 8:38 am

Basic Question, sorry . . . Having to use $_get to get vars

Post by 2clicks »

Sorry for asking what is probably a very basic question but I am a hobbiest developer rather than a pro :D :?:

I have just moved my sites to my own server, iis7 & php, all good apart from the fact I now need to use $_GET where I didn't need to before, a page just had all the variables included?

I have no idea why and can only assume this is a setting somewhere, can anyone shed any light on this as otherwise I am going to need to go through all of my pages on my sites, work out what variables are being passed to them and add the $_get for each and every one.

Have googled to death and found nothing of use do any help much appreciated.

Cheers

Ade :?:
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: Basic Question, sorry . . . Having to use $_get to get v

Post by pickle »

Looks like your old server had the register_globals directive turned on. This directive imports all $_GET, $_POST and $_COOKIE variables into the local namespace. This is a bad thing. Unless you're losing money every second this site is down, I would recommend going through all your scripts and importing them manually. For example, rather than just:

Code: Select all

//url = request.php?count=74

for($i=0;$i<$count;$i++)
///etc
Do this:

Code: Select all

//url = request.php?count=74

$count = $_GET['count'];
for($i=0;$i<$count;$i++)
///etc
The reason this is bad is because auto_globals can be used to hack your application. For example, assume you've got a page (request.php) like this:

Code: Select all

$host = (isset($host)) ? $host : 'localhost';
$conn = mysql_connect($host,'mysupersecretusername','mysupersecretpassword');
I can hack that to get your username and password by simply calling the page like so: request.php?host=mydomainname.com

Your script will then try to connect to my host with the username and password.
Last edited by pickle on Thu Feb 24, 2011 5:11 pm, edited 1 time in total.
Reason: Directive is "register_globals", not "auto_globals".
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Post Reply