On Wed, Nov 25, 2009 at 3:01 PM, Allen McCabe wrote:
> *Warning*: Unknown: Your script possibly relies on a session side-effect
> which existed until PHP 4.2.3. Please be advised that the session extension
> does not consider global variables as a source of data, unless
> register_globals is enabl
LPAC - Arts for Youth - Seat OrdersI am getting the following error message,
but ONLY on a page where I am querying multiple tables, and I don't see the
correlation:
*
*
*Warning*: Unknown: Your script possibly relies on a session side-effect
which existed until PHP 4.2.3. Please be advised that t
Are you running PHP as a Module or as CGI or FCGI?
Look at phpinfo() output to be SURE.
If it's not running as a Module, none of those directives are defined,
because Apache (which implements .htaccess) has no friggin' idea what
php_value or php_flag is without PHP Module there to tell it.
On We
Tijnema wrote:
On 6/7/07, Afan Pasalic <[EMAIL PROTECTED]> wrote:
hi,
this question is already posted thousand times. but, after I tried for 2
hours to figure it out, I gave up and posted the question here.
I'm rebuilding one site. php 4.4.4
as usual, register_globals on, as well as magic_quot
On 6/7/07, Afan Pasalic <[EMAIL PROTECTED]> wrote:
hi,
this question is already posted thousand times. but, after I tried for 2
hours to figure it out, I gave up and posted the question here.
I'm rebuilding one site. php 4.4.4
as usual, register_globals on, as well as magic_quotes.
I tried to tur
hi,
this question is already posted thousand times. but, after I tried for 2
hours to figure it out, I gave up and posted the question here.
I'm rebuilding one site. php 4.4.4
as usual, register_globals on, as well as magic_quotes.
I tried to turn it off using .htaccess but what ever I change in
)
> {
> die("Could not query the database: ".mysql_error());
> }
>
> I wrote a help ticket to Lunarpages where I am now hosted and asked them to
> set the register_globals to ON thinking this was the problem based on what
> I've read and the wrote back and told me tha
t to Lunarpages where I am now hosted and asked them to
set the register_globals to ON thinking this was the problem based on what
I've read and the wrote back and told me that they use suPHP to parse php
files and I have the option of using custom php.ini files. That I could
create a .htaccess file
d on what
I've read and the wrote back and told me that they use suPHP to parse php
files and I have the option of using custom php.ini files. That I could
create a .htaccess file or put individual php.ini files in the folder that
contains the files im running. In other words do it myself.
S
Hello,
Sunday, April 4, 2004, 1:17:53 AM, you wrote:
n> Why i cann't change register_globals value with ini_set()?
Because it's a system level configuration value - you cannot change it
in your scripts.
register_globals supports PHP_INI_PERDIR and PHP_INI_SYSTEM - meaning
it can only be chang
Hello.
In my php.ini file register_globals has value Off.
I have script
Script echo 1. But if i create .htaccess in this dir which contains
string
php_value register_globals 0, my script return 0.
Why i cann't change register_globals value with ini_set()?
bye,
mailto:[E
I have REGISTER_GLOBALS set to off. I have read and read, but cannot figure out what I
need to do code wise to keep from getting the following message:
Warning: Unknown(): Your script possibly relies on a session side-effect which existed
until PHP 4.2.3. Please be advised that the session exten
Jay Blanchard wrote:
[snip]
But IE and Konqueror both load the info.php correctly from my end. It
is
the index.php for Nukemods.com that gets hosed in those browsers.
So you're saying that index.php is broken? Then why it gets loaded fine
if I delete the .htaccess file?
[/snip]
That is exactl
[snip]
> But IE and Konqueror both load the info.php correctly from my end. It
is
> the index.php for Nukemods.com that gets hosed in those browsers.
So you're saying that index.php is broken? Then why it gets loaded fine
if I delete the .htaccess file?
[/snip]
That is exactly what I am saying.
Jay Blanchard wrote:
[snip]
Actually, according to the info.php page for that directory
register_globals is ON as you desire...correct?
Correct, the .htaccess file overides just fine register_globals and
error_reporting but somehow Internet Explorer and Konqueror does not
load the page.
[/snip
[snip]
> Actually, according to the info.php page for that directory
> register_globals is ON as you desire...correct?
Correct, the .htaccess file overides just fine register_globals and
error_reporting but somehow Internet Explorer and Konqueror does not
load the page.
[/snip]
But IE and Konqu
Jay Blanchard wrote:
[snip]
If I create an PHP environment such that I don't need to override
register_globals and error_reporting with a .htaccess file it works just
fine, so I guess the problem is in the .htaccess file. I posted my
httpd.conf file at http://e-technics.com/dorna/httpd.conf.
If
[snip]
If I create an PHP environment such that I don't need to override
register_globals and error_reporting with a .htaccess file it works just
fine, so I guess the problem is in the .htaccess file. I posted my
httpd.conf file at http://e-technics.com/dorna/httpd.conf.
If I comment the lines
Jay Blanchard wrote:
[snip]
It doesn't work. After all a script that contains only phpinfo()
(e-technics.com/dorna/info.php) works OK, but the webpage, which is a
PhpNuke doesn't work.
[/snip]
Actually info.php works in IE and reports register_global is ON locally
(within that directory). There
[snip]
It doesn't work. After all a script that contains only phpinfo()
(e-technics.com/dorna/info.php) works OK, but the webpage, which is a
PhpNuke doesn't work.
[/snip]
Actually info.php works in IE and reports register_global is ON locally
(within that directory). Therefore, as I stated ear
To: [EMAIL PROTECTED]
Subject: RE: [PHP] register_globals problem
The only problem I see with that is that you're using the constants E_ALL
and E_NOTICE in the .htaccess file. You can't use constants there, you need
to use the actual number. (2047 & ~8) == 2039:
php_flag register_globals 1
[snip]
>
>Did you try the test.php above?
>
>
>
Yes, I have. Doesn't work.
[/snip]
Then your httpd.conf in not configured properly. It would appear to me
that PHP is not working at all. I went to the URL inquestion and did not
find this test page, so it will be hard for me to help you. Does PHP
Jay Blanchard wrote:
[snip]
Put a page in that directory called test.php with only
phpinfo();
?>
It doesn't work at all if I put AddType application/x-httpd-php .php
[/snip]
Did you try the test.php above?
Yes, I have. Doesn't work.
--
PHP General Mailing List (http://www.php.net
D]
Subject: RE: [PHP] register_globals problem
The only problem I see with that is that you're using the constants E_ALL
and E_NOTICE in the .htaccess file. You can't use constants there, you need
to use the actual number. (2047 & ~8) == 2039:
php_flag register_globals 1
php_fla
iginal Message-
From: Bogdan Albei [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 03, 2003 4:43 AM
To: [EMAIL PROTECTED]
Subject: [PHP] register_globals problem
I have a webpage that needs to use some specific php.ini settings
different from other php applications on my web server. I
[snip]
>Put a page in that directory called test.php with only
>
>
>phpinfo();
>
>?>
It doesn't work at all if I put AddType application/x-httpd-php .php
[/snip]
Did you try the test.php above?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Jay Blanchard wrote:
[snip]
I have a webpage that needs to use some specific php.ini settings
different from other php applications on my web server. I have created a
.htaccess file with the following content:
php_flag register_globals 1
php_flag error_reporting "E_ALL & ~E_NOTICE"
It works fi
[snip]
I have a webpage that needs to use some specific php.ini settings
different from other php applications on my web server. I have created a
.htaccess file with the following content:
php_flag register_globals 1
php_flag error_reporting "E_ALL & ~E_NOTICE"
It works fine, but only on Mozil
I have a webpage that needs to use some specific php.ini settings
different from other php applications on my web server. I have created a
.htaccess file with the following content:
php_flag register_globals 1
php_flag error_reporting "E_ALL & ~E_NOTICE"
It works fine, but only on Mozilla and N
--- Fernando Melo <[EMAIL PROTECTED]> wrote:
> I was not making an assumption. I was stating a fact.
> "I get these using $_POST"
>
> I did NOT state that register_globals needs to be on to do what I'm
> doing.
If you're going to make false claims about what you previously said, you
might want t
---
From: Chris Shiflett [mailto:[EMAIL PROTECTED]
Sent: 13 November 2003 17:07
To: Fernando Melo; '[EMAIL PROTECTED]'
Subject: Re: [PHP] register_globals & security
--- Fernando Melo <[EMAIL PROTECTED]> wrote:
> I have a PHP application that passes variables (values) f
--- Raditha Dissanayake <[EMAIL PROTECTED]> wrote:
> At the risk of starting another flame war: IMHO switching off register
> globals and relying on $_POST etc can lull you into a false sense of
> security.
I agree, and this is more true with the safe_mode directive, which I have
always thought
--- Fernando Melo <[EMAIL PROTECTED]> wrote:
> I have a PHP application that passes variables (values) from a form.
> I get these using $_POST
>
> However I do also post some variables via a link. Which ofcourse
> requires register_globals to be ON.
This is a common problem I see on this list. Wh
with regards to security.
-Original Message-
From: Raditha Dissanayake [mailto:[EMAIL PROTECTED]
Sent: 13 November 2003 15:24
To: [EMAIL PROTECTED]
Subject: Re: [PHP] register_globals & security
Hi,
There is also a $_REQUEST variable.
At the risk of starting another flame war: IMHO swit
[snip]
There is also a $_REQUEST variable.
At the risk of starting another flame war: IMHO switching off register
globals and relying on $_POST etc can lull you into a false sense of
security.
[/snip]
***applause***
Bottom-lineas I just said in another threadinitialize your
variables an
Yup I still don't see how it improves anything with regards to security.
-Original Message-
From: Raditha Dissanayake [mailto:[EMAIL PROTECTED]
Sent: 13 November 2003 15:24
To: [EMAIL PROTECTED]
Subject: Re: [PHP] register_globals & security
Hi,
There is also a $_REQUEST var
still picked up the same way from a URL
-Original Message-
From: Jon Haworth [mailto:[EMAIL PROTECTED]
Sent: 13 November 2003 13:28
To: [EMAIL PROTECTED]
Subject: Re: [PHP] register_globals & security
Hi Fernando,
I have a PHP application that passes variables (values) from a fo
On Thu, Nov 13, 2003 at 01:55:08PM +0200, Fernando Melo wrote:
: Jon Haworth responded:
: : Fernando Melo wrote:
: : >
: : > I have a PHP application that passes variables (values) from a form.
: : > I get these using $_POST
: : >
: : > However I do also post some variables via a link. Which ofcou
Thanks.
I don't see how this makes it more secure though?
The values are still picked up the same way from a URL
-Original Message-
From: Jon Haworth [mailto:[EMAIL PROTECTED]
Sent: 13 November 2003 13:28
To: [EMAIL PROTECTED]
Subject: Re: [PHP] register_globals & sec
Hi Fernando,
> I have a PHP application that passes variables (values) from a form.
> I get these using $_POST
>
> However I do also post some variables via a link. Which ofcourse requires
> register_globals to be ON.
Do you mean variables in a URL, like this:
www.example.com/index.php?foo=1&bar
Hi everyone,
I have a PHP application that passes variables (values) from a form.
I get these using $_POST
However I do also post some variables via a link. Which ofcourse requires
register_globals to be ON.
I would like to secure this application. What would be the best way of
doing this and
Please include the list in all of your replies. I skim message subjects and
don't read all messages. If you reply only to me, there's a good chance it will
not be read, and no one else will have a chance to answer your question.
--- [EMAIL PROTECTED] wrote:
> As i know, if register_globals is turn
--- [EMAIL PROTECTED] wrote:
>
> The problem concern:
>
> The correct site is: www.gardafun.com with apache.1.3.27 and
> php-4.0.6 with register_globals = On
>
> The new webserver is 213.21.138.119 with suse8.2 apache1.3.27 and
> php-4.3.3 with register_globals=off in the php.ini and in the
> .h
--- [EMAIL PROTECTED] wrote:
> In the php.ini I have set the registr_globals=3D Off
I'm assuming that 3D was put in there by some faulty mail client? Also, make
sure you spell it register_globals.
> php_flag register_globals on for only this site.
>
> With the function phpinfo I have see that th
[snip]
With the function phpinfo I have see that the Master Value is Off and
the=
Load Value is On but the site don't running successfully.
With suse8.1 with php4.2.2 I have nothing problem.
Any idea ?
[/snip]
Does the site rely on files outside of that directory? Do you 'allow
overrides' for the
Hi all,
I use suse8.2 professional
I have upgraded php 4.3.1 to 4.3.3 with rpm suse project.
In the php.ini I have set the registr_globals=3D Off and Ih th directory
/srv/www/html/mysites1 I have created the file .htaccess with:
php_flag register_globals on for only this site.
With the functi
On Sat, 27 Sep 2003 20:05:10 -0400
"Damon Kohler" <[EMAIL PROTECTED]> wrote:
> Well, it does turn off. At least phpinfo() says that it's off.
> However, PHP is acting as though it's still turned on. The source
> code for the page I'm using to test this odd result is:
>
>
> I'm running PHP 4.3.3
I don't think so... You have something particular in mind? You can check out
the page itself at http://my.innermetrix.cc/test.php
Damon
"Robert Cummings" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Are you using third party code that might be doing the export to global
> space i
Are you using third party code that might be doing the export to global
space itself?
Rob.
On Sat, 2003-09-27 at 22:21, Damon Kohler wrote:
> No, it's not cached. I can type in anything to the input and it'll show up.
> As in, if I type "test" into the form, it prints test. Then if I type "hello
No, it's not cached. I can type in anything to the input and it'll show up.
As in, if I type "test" into the form, it prints test. Then if I type "hello
world" it'll print hello world. So I'm pretty sure caching isn't the
problem.
Damon
"Cristian Lavaque" <[EMAIL PROTECTED]> wrote in message
new
I don't know much about this, but could it have been cached?
Cristian
Damon Kohler wrote:
> Well, it does turn off. At least phpinfo() says that it's off.
> However, PHP is acting as though it's still turned on. The
source
> code for the page I'm using to test this odd result is:
>
>
>
>
>
>
Well, it does turn off. At least phpinfo() says that it's off. However, PHP
is acting as though it's still turned on. The source code for the page I'm
using to test this odd result is:
I'm running PHP 4.3.3 on RH7. When the form is submited, the value is
printed despite the fact it's p
Rather than turning on register globals system wide I'd use .htaccess to
enable register globals for the specific sites or applications that
require them. Because the super globals have been introduced the
problem with register globals and application security may be more
prounounced for appli
Try restarting your apache.
-murugesan
- Original Message -
From: "Deependra b. Tandukar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 03, 2003 10:09 AM
Subject: [PHP] register_globals
> Hi,
>
> I have configured PHP 4.3.3 in wh
Deependra b. Tandukar wrote:
Hi,
I have configured PHP 4.3.3 in which register_gloabals is set to be off.
I modified etc/php.ini and set it to be On but still it shows it is off
and some developed applications in php are asking for it to be turned
on. How do I do this?
Did you restart the web
Hi,
I have configured PHP 4.3.3 in which register_gloabals is set to be off. I
modified etc/php.ini and set it to be On but still it shows it is off and
some developed applications in php are asking for it to be turned on. How
do I do this?
Regards,
DT
--
PHP General Mailing List (http://www
Hi,
I think you want to use:
php_value register_globals Off
I have this setup in VirtualHost's and in .htaccess files. The
difference between php_value and php_admin_value is that php_admin_value
can not be overridden in a .htaccess file or VirtualHost. So if you want
to enforce some settings a
a while ago we upgraded the php installations on our servers. for a quick fix
we set register_globals to on for code compatibility. Since then we have been
cleaning up code to eliminate this. We likely still have some virtual hosts who
are using these globals though, so while we are wanting them
Well, I know it has something to do with register_globals, because it
only starts working when I turn register_globals on. If it is off, the
script doesn't work.
Here is the php file that calls to the class. It doesn't seem to have
anything that is global, but as I said before, I am not very fa
> I found a class that allows you to have a multiple page listing, where
> it displays a certain number of items, and then you click on the next
> page to show the next results. I found that it needs to have
> register_globals turned on. I am learning, and would like to have
> someone look at the c
I found a class that allows you to have a multiple page listing, where
it displays a certain number of items, and then you click on the next
page to show the next results. I found that it needs to have
register_globals turned on. I am learning, and would like to have
someone look at the class t
> I'm thinking of running a shopping cart package (osCommerce)
> that requires
> register_globals to be enabled. With all the warnings about
> security with
> register_globals enabled I'm worried.
>
> How dangerous is it?
The key defensive step is to initialize all of your session variables at
yeh, I'd strongly agree with Jonathan's view that quality of the code can
mitigate against the dangers of register_globals.
FYI, an interesting article on php vulnerabilities is at:
http://www.securereality.com.au/studyinscarlet.txt
David Eisenhart
"Jonathan Pitcher" <[EMAIL PROTECTED]> wrote i
Sam,
The register_globals can be dangerous to turn on but it really depends
on the quality of code that the shopping cart was written. See
Examples below for explanation.
Say you had a script that looked like this.
$Q = "Select * from Stored CreditCards where User='$User'";
. Retriv
I'm thinking of running a shopping cart package (osCommerce) that requires
register_globals to be enabled. With all the warnings about security with
register_globals enabled I'm worried.
How dangerous is it?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.ph
three solutions:
1. turn register_globals off for compatibility purposes via .htaccess
file in the script's directory
2. create a auto_prepend file with the following: extract($_GET), this
should do the trick
3. rewrite the whole code to make any user-input (form) variable to be
$_REQUEST or $_
on 29/01/03 6:41 AM, Kiswa ([EMAIL PROTECTED]) wrote:
change If($id==1){ to If($_GET['id']==1){
or put this line near the top of your script:
$id = $_GET['id'];
or, a little more anal:
if(isset($_GET['id'])) { $id = $_GET['id']; }
Justin
> Finansiering
> If($id==1){
> echo " color=\"#0
I know its stupid but i´ve been writing a site for a register_globals = on
enviroment
now i need to convert all the code to an off setting
the page is built by sending a whole lot off vars to diferent pages.
as you can see below the hyperlink sends the id var to the same page and
then echos the co
try using pear...
On Sat, 2002-11-16 at 22:53, Leif K-Brooks wrote:
> I'm looking for a good class for forms that will work with
> register_globals off. I was planning to modify Manuel Lemos's class,
> but it turned out to be too big of a task. Any ideas?
>
> --
> The above message is encr
I'm looking for a good class for forms that will work with
register_globals off. I was planning to modify Manuel Lemos's class,
but it turned out to be too big of a task. Any ideas?
--
The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be pr
On Thursday 14 November 2002 03:41, Marek Kilimajer wrote:
> Even if the method is post, you can have get variables, if the form has
> action="script.php?get_var=value"
Yes but I don't (need to) define my forms like that so I don't really care :-)
--
Jason Wong -> Gremlins Associates -> www.grem
Even if the method is post, you can have get variables, if the form has
action="script.php?get_var=value"
Jason Wong wrote:
On Wednesday 13 November 2002 23:57, Leif K-Brooks wrote:
I am planning to use Manuel Lemos's form class for a web site I am
working on. However, I need to have registe
On Wednesday 13 November 2002 23:57, Leif K-Brooks wrote:
> I am planning to use Manuel Lemos's form class for a web site I am
> working on. However, I need to have register_globals set to off. I was
> planning to rewrite the portions of the class that access submitted form
> values directly to u
I am planning to use Manuel Lemos's form class for a web site I am
working on. However, I need to have register_globals set to off. I was
planning to rewrite the portions of the class that access submitted form
values directly to use the suberglobal arrays. When I started, though,
I saw how
At 21:05 12.11.2002, Mark Spohr said:
[snip]
>I'm trying to convert this to use $_POST() as such:
>
> if (@$_POST['form'] == "yes")
>{
>unset($_POST['form']);
>}
>
>However, this does not work. It appears that you can't unset the
>$_POST['form'] array eleme
I'm very new to PHP/mySQL and am working through the "PHP and mySQL for
Dummies" examples. Unfortunately, these were all written with
register_globals on and the system I'm using has register_globals off.
I'm having trouble converting the examples to use the $_POST() expression.
Specifically, t
Hi there
In my shop a had this code to add a product to the shoppingcart:
session_start();
session_register("cart");
if($action == "addtocart")
{
$cart[] = "$id,$amount";
}
To view the cart i had to explode the session_variable $cart and get
more data from the database.
session_sta
> I'm working on a site where I'm using geeklog
> http://geeklog.sourceforge.net/
>
> It has the requirement that
>
> > "Geeklog needs the register_globals variable turned on in order to work.
> > Since PHP 4.2.0, the default for register_globals is "off". To fix it,
> > simply add the following l
Hi,
I'm working on a site where I'm using geeklog
http://geeklog.sourceforge.net/
It has the requirement that
> "Geeklog needs the register_globals variable turned on in order to work.
> Since PHP 4.2.0, the default for register_globals is "off". To fix it,
> simply add the following line to
The manual is up-to-date on this topic, for questions
related to register_globals and form variables please
feel free to point to:
http://www.php.net/manual/en/language.variables.external.php
Or the shortcut (all man pages work this way):
http://www.php.net/variables.external
In fact, i
-
>From: "Chris Hewitt" <[EMAIL PROTECTED]>
>To: "Ahmed Abdalla" <[EMAIL PROTECTED]>
>Sent: Tuesday, June 11, 2002 9:06 PM
>Subject: Re: [PHP] register_globals flag in some directories
>
>
>>Ahmed,
>>
>>The /etc/httpd/conf/httpd.
I am sorry if this is asked before, but I have apache 2.0.36 with php 4.2.1
in the php.ini file register_globals is set off, but i want to turn it on in
some directories
I tried to create .htaccess file in that directory and put in it
php_flag register_globals on
but its not working, so did i do
Mike,
Both of your bit of code are not equal.
On my ISP in 4.0.6 isset returned false if the variable was not existing OR
empty
in 4.2 isset returns true if the variable exists but is empty, so you may
want to check with empty instead of isset
Luc
At 12:16 10/05/2002 +0100, Ford, Mike
On Fri, 10 May 2002, Ford, Mike [LSS] wrote:
> Also, by using the $_POST, $_GET arrays, you know exactly where the
> input is coming from (even if register_globals is also on!). If you
> have register_globals set to on, and you just look to see if (say)
> $password has a value, whic
At 15:13 10/05/2002, Ford, Mike [LSS] wrote:
>I should have said "less secure" rather than "more secure".
>
>Am I right this time?
Yep :)
Zeev
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
> -Original Message-
> From: Ford, Mike [LSS] [mailto:[EMAIL PROTECTED]]
> Sent: 10 May 2002 12:54
> To: 'Zeev Suraski'
> Cc: [EMAIL PROTECTED]
> Subject: RE: [PHP] register_globals in php4
>
> > -Original Message-
> > From: Zeev Sura
> -Original Message-
> From: Zeev Suraski [mailto:[EMAIL PROTECTED]]
> Sent: 10 May 2002 12:36
>
> You meant it the other way around, didn't you? :)
Er, yes! ;)
(I cut-and-pasted one example to create the other, and then changed the wrong "on" to
"off"!!)
Cheers!
Mike
--
At 14:16 10/05/2002, Ford, Mike [LSS] wrote:
>No, but this:
>
> if (isset($password)): // register_globals on
> $super_user = $password==$super_password;
> endif;
>
> if ($super_user):
> // sensitive admin stuff
> endif;
>
>is more secure than:
>
>
> -Original Message-
> From: Kevin Stone [mailto:[EMAIL PROTECTED]]
> Sent: 09 May 2002 23:09
>
> Hmm. No offense ..., but I don't believe turning
> Registered Globals off
> will have any effect on security. Turning Registered Globals off just
> provides a more strict environment for c
On Thu, 9 May 2002, Kevin Stone wrote:
>> If register_globals is off, then you'll get $_GET['id'] = 3 and
>> $_GET['sex'] = female. It's then up to you to make sure those are okay.
>> But at least $id and $sex won't get set until you explicitly set them in
>> your code.
>
> Hmm. No offense Migue
- Original Message -
From: "Miguel Cruz" <[EMAIL PROTECTED]>
To: "Patrick Hsieh" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, May 09, 2002 11:52 AM
Subject: Re: [PHP] register_globals in php4
> On Fri, 10 May 2002, Patrick
- Original Message -
From: "Patrick Hsieh" <[EMAIL PROTECTED]>
> Hello list,
>
> php4.1 recommends to set register_globals=off in php.ini to make php
> more strict. My question is, if I turn off register_globals, what will
> happen if any malicious user just try to modify the variable val
On Fri, 10 May 2002, Patrick Hsieh wrote:
> php4.1 recommends to set register_globals=off in php.ini to make php
> more strict. My question is, if I turn off register_globals, what will
> happen if any malicious user just try to modify the variable values in
> the url? Say,
>
> http://www.domain
Hello list,
php4.1 recommends to set register_globals=off in php.ini to make php
more strict. My question is, if I turn off register_globals, what will
happen if any malicious user just try to modify the variable values in
the url? Say,
http://www.domain.com/xxx.php?id=3&sex=female
Does it wor
Looks like you forgot your ticks ' around the PHP_SELF. If I am correct,
it should be $_SERVER['PHP_SELF'].
Either way, you might want to try this. Somebody else posted it before and
I have been using it so that no matter what version of PHP my program runs
on, it should work.
if (isset($_SER
On Sun, 28 Apr 2002, Kirk Babb wrote:
> How do I use $PHP_SELF with register_globals off? I looked up the
> documentation on php.net but haven't gotten this line of code to work:
>
>
action=''
miguel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.ne
IL PROTECTED]]
> Sent: Sunday, April 28, 2002 3:58 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] register_globals=Off Question
>
> How do I use $PHP_SELF with register_globals off? I looked up the
> documentation on php.net but haven't gotten this line of code to work:
>
>
How do I use $PHP_SELF with register_globals off? I looked up the
documentation on php.net but haven't gotten this line of code to work:
I get this error instead:
[28-Apr-2002 16:33:31] PHP Parse error: parse error, expecting `T_STRING'
or `T_VARIABLE' or `T_NUM_STRING' in - on line 140
wha
Hello,
in php 4.0.6 on the begin of the script include file called config.php.
In config file i have ini_set('register_globals', 'off');
i setup session via session_register('variable') and redirect to
another page, where i include the same config (config.php) and call
session_start(); but when i
You would be better off reading the security chapter in the PHP
documentation. It is much better informed than that study-in-scarlet
thing.
On Mon, 1 Apr 2002, Erik Price wrote:
>
> On Sunday, March 31, 2002, at 04:05 AM, Liam wrote:
>
> > at the moment I have register_globals set to "on"
> >
1 - 100 of 115 matches
Mail list logo
