Hi, one of our externally hosted sites is experiencing forms problems.

http://printuli.com/ship/upsdesk.php
Initially a very simple form, select a product and the form grows from there.
Now since the upgrade to PHP 5.3.14 the selected does not get echoed and the form resets.

We have an identical form at another external host
http://printnml.com/ship/upsdesk.php
This works fine it is identical to the other except it's on PHP 5.2.17

The code is so simple for the select field option:

<select name="Product" class="jobTextBox" id="Product" onChange="this.form.submit()">
			  <option value="<?php if($Product == "") { echo ''; } else { echo $Product; } ?>"><?php if($Product == "") { echo ''; } else { echo $Product; } ?></option>
              <option value="Manual Entry">Manual Entry</option>
              <option value="Standard Postcard" style="background-color:#FFE7CE;">Standard Postcard</option>
              <option value="Jumbo Postcard" style="background-color:#FFE7CE;">Jumbo Postcard</option>
              <option value="Super Jumbo Postcard" style="background-color:#FFE7CE;">Super Jumbo Postcard</option>
              <option value="Rack Card" style="background-color:#E6E6CC;">Rack Card</option>
              <option value="Single Page Flyer" style="background-color:#CCFFCC;">Single Page Flyer</option>
              <option value="Four Page Brochure" style="background-color:#CCFFCC;">Four Page Brochure</option>
              <option value="Six Page Brochure" style="background-color:#CCFFCC;">Six Page Brochure</option>
              <option value="Business Card" style="background-color:#FFF0C1;">Business Card</option>
              <option value="Sticker" style="background-color:#FFF0C1;">Sticker</option>
              <option value="Pocket Folder" style="background-color:#CEEFFF;">Pocket Folder</option>
            </select>

Can someone tell me what has changed?

riojimmy;11013099 wrote:

Can someone tell me what has changed?

... no?

Are you referring to this line?

  <option value="<?php if($Product == "") { echo ''; } else { echo $Product; } ?>"><?php if($Product == "") { echo ''; } else { echo $Product; } ?></option>

if so, how is the value of [font=monospace]$Product[/font] determined? Perhaps you had been relying on register_globals?

also, note that [font=monospace]if($Product == "") { echo ''; } else { echo $Product; }[/font] could be written much more efficiently as [font=monospace]echo $Product;[/font]. But you should be making sure the variable has been set, first:

<?php
if( isset( $Product ) ){ echo $Product; }

Yes the phpinfo file shows that

register_globals Off Off

Is this a new security requirement?

The server with 5.2.17 has them on.

Thank you.

riojimmy wrote:

Yes the phpinfo file shows that

register_globals Off Off

Is this a new security requirement?

The server with 5.2.17 has them on.

New? A quick check shows that register_globals has defaulted to off since PHP 4.2.0, which is more than a decade old. The person who configured the PHP installation on your server must have deliberately went against the security best practice, perhaps in anticipation of the use of ancient scripts that relied on register_globals being on.

Did you make use of the $POST and $GET arrays?

Not on these forms, they are for inhouse use to get UPS rates quickly. I was just on the Using Register Globals page at PHP.net and I'll just start from there, fortunately as mentioned the non-functioning site is only a emergency back-up to the ones I have set up for everyday use.
So that gives me time to change EVERYTHING, boy what a bother!
Sailing along everythings fine and then... (like PCI compliance etc...)

Thank you Laserlight and Traq, whatever I do I'll post it.

you're welcome.

riojimmy;11013115 wrote:

Where can I look to get the modification info I need for forms.
I tried Get instead of post but that doesn't work either.

I couldn't tell you that. Again, where does [font=monospace]$Product[/font] get its value from? I'm assuming from a form submission, somewhere, but perhaps indirectly...? You have the code. You'd have to tell us.

riojimmy;11013115 wrote:

Warning
This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
Well I guess I can look forward to the other host eventually doing so as well.

you shouldn't "look forward" to it. You should fix it asap, and then take it upon yourself to turn register_globals off.

post if you need help.

Back from lunch, so I'm $_Post 'ing all form data and it's functioning again.

You know I first contacted host (godaddy) and asked what they changed, their response was nothing.
I've had this form up their for so long, at the least 5 years.
So thanks for the info.

Regarding the other host who is still in the earlier version and with register_globals on, that is their call.
At least now I'm prepared for it.

Why these people are so reluctant to share info is a puzzle to me.

Thanks again.

riojimmy;11013127 wrote:

Why these people are so reluctant to share info is a puzzle to me.

Probably because they don't want to expose all of their horrible practices, such as enabling register_globals.

riojimmy;11013127 wrote:

Regarding the other host who is still in the earlier version and with register_globals on, that is their call.

really?
they don't allow you to change these settings via php.ini?
and/or they won't do it for you?

even if that's the case (and for some reason you can't switch hosts), you'd be better off fixing the other versions of the script as well. It shouldn't hurt. You should also make absolutely sure that all of your variables have been defined in the script before using them, so you can't pick anything up from register_globals - e.g.,

<?php

##  NO!!  ##
if( condition ){ $flag = true; }
// later. . .
if( $flag ){ do something; }

##  YES!!  ##
$flag = false;
if( condition ){ $flag = true; }
// later. . .
if( $flag ){ do something; }