Looks like your old server had the register_globals directive turned on. This directive imports all $_GET, $_POST and $_COOKIE variables into the local namespace. This is a bad thing. Unless you're losing money every second this site is down, I would recommend going through all your scripts and importing them manually. For example, rather than just:
Code: Select all
//url = request.php?count=74
for($i=0;$i<$count;$i++)
///etc
Do this:
Code: Select all
//url = request.php?count=74
$count = $_GET['count'];
for($i=0;$i<$count;$i++)
///etc
The reason this is bad is because auto_globals can be used to hack your application. For example, assume you've got a page (request.php) like this:
Code: Select all
$host = (isset($host)) ? $host : 'localhost';
$conn = mysql_connect($host,'mysupersecretusername','mysupersecretpassword');
I can hack that to get your username and password by simply calling the page like so: request.php?host=mydomainname.com
Your script will then try to connect to my host with the username and password.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.