I'm a PHP 'newbie' but I use the extract() function to restore the form variables after passing $HTTP_POST_VARS to a library function for processing - it seems to me that you could do the same with the new $_POST array. That way you only have to add a single function call to each of your form handling routines, although you may open up the same security risks as before!
For more info on security have a look at http://www.php.net/release_4_1_0.php The Fruity Newt. -----Original Message----- From: Jim Thome [mailto:[EMAIL PROTECTED]] Sent: 06 May 2002 07:26 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [PHP-INST] empty db queries with 4.2.0...fix found,but.... Read this: http://www.zend.com/zend/art/art-oertli.php >>> <[EMAIL PROTECTED]> 05/06/02 06:19AM >>> Ok. It seems that if i turn register_globals to On everything is fine. But what does this potentially open up as far as security risks. I would prefer not to do this, but if i don't set this to be On, no POST or GET variables are passed. I have always just used the $formVar notation of a post variable, and not the $HTTP_POST_VARS["formVar"] notation. should i change the way i code these things and turn register_globals back off? Any ideas? any help is appreciated, Jeff ----- Forwarded by Jeffrey N Dyke/CORP/Keane on 05/06/2002 08:20 AM ----- Jeffrey_N_Dyke @Keane.com To: "phpinstall" <[EMAIL PROTECTED]> cc: 05/06/2002 Subject: [PHP-INST] empty db queries with 4.2.0. 07:32 AM Hello. I have had a few versions of PHP installed starting with 4.06 and most recently 4.1.2. I have now tried to upgrade to 4.2.0 and some of the database querys come out empty. Ones that have been working for sometime on all other versions. Luckily, this is simply on the development server and i have not built this on production. I did a make clean and then installed as usual. This only seems to be when php is sending variables in the URL to be used in the query. Straight database queries come back fine. I have error_reporting(E_ALL) set on all pages....and no errors at all. Has anyone expierenced this? Did something change, should i have added a new argument to the configure command? Is this in PHP.ini? Any help is appreciated. Luckily it is very easy to go back to 4.1.2 where all scripts work, but doesn't eveyone like to upgrade ;) Thanks. Jeff oh and thanks for your comments on the winXP/Apache/php question. for anyone thinking of it. i installed Apache2.035/php4.2.0/Tomcat4.0/jsdk1.4/mysql3.23 on XP without a hitch. -- PHP Install Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Install Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Install Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Install Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
