Global vars whitout reg_globals on

CoderJohan

I have a problem... From the first time i started using PHP i have scriptet with Register_globals=on but now the server i'm using is going to turn off the register globals and i don't know how this will effect my code... i know that i can't use the guestbook system that i made so i ask you all for help.

This code down here is the original code i use a form to fillout the information but when i hit submit nothing happens. But if i turn on globals it works like a charm... so Anyone up for som explaining about globals?

	if(!empty($Submit)){
		$sql="INSERT INTO ubn_klotter(id,namn,text) VALUES ('$id','$namn','$text')";
        mysql_query("$sql");
	}

I tried to do like this but it didn't work...


if(!empty($Submit)){
	$sql="INSERT INTO ubn_klotter(id,namn,text) VALUES ('$_REQUEST["id"]','$_REQUEST["namn"]','$_REQUEST["text"]')";
    mysql_query("$sql");

}

I have no clue on how to work with this so i need all the help i can get... Thanx
//Johan

spin0us

Use this line to get your vars as before without editong all your source code

extract($_GET,EXTR_OVERWRITE);
extract($_POST,EXTR_OVERWRITE);
extract($_ENV,EXTR_OVERWRITE);
...

CoderJohan

Hmmm... As i said i have no clue on working without globals so what do that code do? So i can learn some new stuff that i don't know of 🙂

ahundiak

Rewrite your script to use $GET and $POST. The is the preferred method but may be impractical.
Use .htaccess to turn register globals back on just for your site.
http://www.php.net/manual/en/configuration.directives.php#ini.register-globals
Using a master include file to recreate the global variables from $GET and $POST and $_COOKIE.
http://www.php.net/manual/en/security.registerglobals.php

dalecosp

Method #1 is preferred, absolutely.

It may be impractical, but if your editor will search/replace, it shouldn't take forever. Replace $foo with $_SUPER['foo'] when SUPER is the name of the desired superglobal array.

Johan, the global array (that we have when register_globals=1) was broken up into superglobals ($GET, $POST, $SESSION, $COOKIE, etc.) to control access to those variables. (Yes, technically those arrays were already there.) The reason, of course, is to make it harder to do "variable poisoning" attacks, where an attacker guesses (or reads from source) the names of your variables (especially session or hidden vars) and inserts them into the URL. With register_globals ON, a variable in the URL string would override other variables. With PHP being increasingly used for important things like e-commerce, I assume that the 'powers that be' thought it would be better to close that barn door.....

In the case above, $Submit is likely the culprit:

$Submit=$_POST['Submit'];
if (empty($Submit)) {

or, better, perhaps:

if(!($_POST['Submit'])) {

CoderJohan

Hmmm...
I made a .htaccess file and put it in the same catalog as the guestbook and entered

php_flag register_globals on

the file was empty but now there is just that line but no change... i can't use my old code. Am i doing anything wrong here?
//Johan

dalecosp

Hmm, I think with Apache/modPHP on Unix flavors, it'd be:

php_value register_globals 1

HTH....

ahundiak

.htaccess would normally go in your unix home directory. And it needs some lines like

<IfModule mod_php4.c>
php_flag register_globals on
</IfModule>

Use the phpinfo() function to check if it's working.

CoderJohan

I'm currently working on a windows system with apache webserver. So i have no clue on how this work?

ahundiak

The easy answer: Switch to *nix.

I have not tried this under windows.
It's going to depend on exactly what flavor of Windows you are using and how it is setup.

Google for "apache windows .htaccess"

CoderJohan

I have solved the problem i hade to enable this line in httpd.conf inorder to make it work

This controls which options the .htaccess files in directories can

override. Can also be "All", or any combination of "Options", "FileInfo",

"AuthConfig", and "Limit"

#
AllowOverride All

That was all i hade to do so thanks all for your help 🙂
//Johan

dalecosp

Originally posted by ahundiak
The easy answer: Switch to *nix.

Well, easy to say. Not too hard to do either. However, the problem that he solved could easily have been on either, eh?
Lots of things in complex systems to have a look at. FWIW, I might well have given the same advice, BSD for me...

Johan, once you allow override of conf settings via .htaccess, did it matter which of the above syntax(es) you used?

CoderJohan

I usualy run Linux but this isn't my computer so 🙂 I run Debian by the way.

Hmmm.. Syntax... Dunno i haven't tried once i have override it my old code did work... So now i have time to learn more about $POST, $GET and so on 🙂
//Johan