Page 1 of 1

Basic Question, sorry . . . Having to use $_get to get vars

Posted: Thu Feb 24, 2011 8:47 am
by 2clicks
Sorry for asking what is probably a very basic question but I am a hobbiest developer rather than a pro :D :?:

I have just moved my sites to my own server, iis7 & php, all good apart from the fact I now need to use $_GET where I didn't need to before, a page just had all the variables included?

I have no idea why and can only assume this is a setting somewhere, can anyone shed any light on this as otherwise I am going to need to go through all of my pages on my sites, work out what variables are being passed to them and add the $_get for each and every one.

Have googled to death and found nothing of use do any help much appreciated.

Cheers

Ade :?:

Re: Basic Question, sorry . . . Having to use $_get to get v

Posted: Thu Feb 24, 2011 10:04 am
by pickle
Looks like your old server had the register_globals directive turned on. This directive imports all $_GET, $_POST and $_COOKIE variables into the local namespace. This is a bad thing. Unless you're losing money every second this site is down, I would recommend going through all your scripts and importing them manually. For example, rather than just:

Code: Select all

//url = request.php?count=74

for($i=0;$i<$count;$i++)
///etc
Do this:

Code: Select all

//url = request.php?count=74

$count = $_GET['count'];
for($i=0;$i<$count;$i++)
///etc
The reason this is bad is because auto_globals can be used to hack your application. For example, assume you've got a page (request.php) like this:

Code: Select all

$host = (isset($host)) ? $host : 'localhost';
$conn = mysql_connect($host,'mysupersecretusername','mysupersecretpassword');
I can hack that to get your username and password by simply calling the page like so: request.php?host=mydomainname.com

Your script will then try to connect to my host with the username and password.