Hello Guys. I want to give a variable to a script using the URL: f.e.: http://test.com/test.php?var1=bla1&var2=bla2
And the problem is: register_globals is off. Where do I find the variables??? Thank you in advance. Sebastian
PS: I have to use PHP 4.0.6
Use this at the top of the Script you want to use the varables $var1=$HTTP_GET_VARS["var1"]; same for var2 and that will make them equal to what ever is in the URL.
Thank you for your answer. I tried that. It didn't work. The URL isn't created by a form. It is written by the user.
I think that the "improved security" is my problem.
I hope you have a solution, too.
Thank you, Sebastian
OK, now it works. I have forgotten an equal ;-) Thank you very much, Sebastian
You can also use
extract($HTTP_GET_VARS);
This makes each var in the array global.
It kinda defeats the purpose of having register_globals off, though I'm not really sure what good having register_globals off does anyway. You still need to check user input before doing anything with it.
Lacey
Register Globals is a big security risk so if you have any data you don't want people to see or use you want register globals off. Especially if you have a message board system that allows HTML and is done is PHP. That would allow people to log users information in a post they write in PHP.
What's to keep them from doing that with register globals off? They just need to use the arrays instead of the extracted global variables.
It seems to me like it's an attempt at security by using a small layer of obfuscation, which is really not security at all.
I don't get it.
