Hello all,
After reading what Jim sent me, I'm taking his advice...thanks Jim and
Zend!
i run servers inside and outside of our firewall, and while the ones inside
i'm not all that concerned about, i am currently revising all of my code to
adapt to this standard of leaving register_globals = Off. it seems if you
go against it, you're just opening yourself up tot he security hole they
tried to patch.
Thanks again,
jeff
"Rick Watts"
<rick@voyageurconsul To: <[EMAIL PROTECTED]>
tants.com> cc:
Subject: RE: [PHP-INST] empty db
queries with 4.2.0...fix
05/06/2002 10:44 AM found,but....
Please respond to
rick
I'm a PHP 'newbie' but I use the extract() function to restore the form
variables after passing $HTTP_POST_VARS to a library function for
processing - it seems to me that you could do the same with the new $_POST
array. That way you only have to add a single function call to each of your
form handling routines, although you may open up the same security risks as
before!
For more info on security have a look at
http://www.php.net/release_4_1_0.php
The Fruity Newt.
-----Original Message-----
From: Jim Thome [mailto:[EMAIL PROTECTED]]
Sent: 06 May 2002 07:26
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [PHP-INST] empty db queries with 4.2.0...fix found,but....
Read this: http://www.zend.com/zend/art/art-oertli.php
>>> <[EMAIL PROTECTED]> 05/06/02 06:19AM >>>
Ok. It seems that if i turn register_globals to On everything is fine.
But what does this potentially open up as far as security risks. I would
prefer not to do this, but if i don't set this to be On, no POST or GET
variables are passed. I have always just used the $formVar notation of a
post variable, and not the $HTTP_POST_VARS["formVar"] notation. should i
change the way i code these things and turn register_globals back off?
Any ideas?
any help is appreciated,
Jeff
----- Forwarded by Jeffrey N Dyke/CORP/Keane on 05/06/2002 08:20 AM -----
Jeffrey_N_Dyke
@Keane.com To: "phpinstall"
<[EMAIL PROTECTED]>
cc:
05/06/2002 Subject: [PHP-INST] empty db
queries with 4.2.0.
07:32 AM
Hello. I have had a few versions of PHP installed starting with 4.06 and
most recently 4.1.2. I have now tried to upgrade to 4.2.0 and some of the
database querys come out empty. Ones that have been working for sometime on
all other versions. Luckily, this is simply on the development server and
i have not built this on production. I did a make clean and then installed
as usual. This only seems to be when php is sending variables in the URL
to be used in the query. Straight database queries come back fine. I have
error_reporting(E_ALL) set on all pages....and no errors at all.
Has anyone expierenced this? Did something change, should i have added a
new argument to the configure command? Is this in PHP.ini?
Any help is appreciated. Luckily it is very easy to go back to 4.1.2 where
all scripts work, but doesn't eveyone like to upgrade ;)
Thanks.
Jeff
oh and thanks for your comments on the winXP/Apache/php question. for
anyone thinking of it. i installed
Apache2.035/php4.2.0/Tomcat4.0/jsdk1.4/mysql3.23 on XP without a hitch.
--
PHP Install Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Install Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Install Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Install Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Install Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
