Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

echo $var 4

Status
Not open for further replies.

Kicket

Technical User
Jun 15, 2002
155
US
this is really wierd. on my first page i have a textfield, and a submit button. the form method="get" action="nextpage.php", so after i submit, it will load me to nextpage. with a url like , in my nextpage.php, i have echo $cbox; ,but somehow it won't display it. i wonder why. i m running a phpdev


ff
 
echo $_GET[cbox];

______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.
 
thanks all. it worked after i tried echo "$_GET[]";
my code was written a year ago.

there's another question, i used to have session_register( var ) in my page, then i can simply call var using echo $var; in my next page. but now i can't. is this have something to do with the update?

or how to set the global variable to on?


ff
 
Kicket,

When you inspect the PHP installation you will probably see that register_globals is set to OFF. This is the default setting now and is recommended for security reasons.

The superglobal arrays are:
$_GET, $_POST, $_SESSION, $_COOKIE and $_REQUEST.

All you need is to start the session
Code:
 session_start()
and then assign the variables. To write code that is independent from the register_globals setting it is recommended to assign the variables directly into the session array:
Code:
$_SESSION[myvar] = "somevalue"';
The session_register function will not work in an environment where register_globals is disabled.

DRJ
 
how do u change the register_globals settings?



ff
 
That is in the php.ini

However, there are valid safety considerations that prompted the change to OFF as the default.

When register_globals is ON, anyone can pass variables into the script. Let's say there is a variable $foo that is never initialized and someone passes a GET parameter in the URL by that name then the user successfully introduced an arbitrary value into the script.

I would advise to write or alter the code so that it will run on PHP >= 4.1.2 regardless of the setting register_globals

 
thanks everyone. i altered my code instead of change the setting. so it will run regardless of the sttings.



ff
 
Also speaking of security... since you are using a form anyway, why not use method="POST" instead of "GET"? It's more essential if you want to have the user passing sensitive data, if it appears in the URL someone else could get access to the data from the browser's history, or from shoulder surfing. Makes for shorter, tidier URLs as well.

Then instead of $_GET['cbox'] just use $_POST['cbox'] instead.

:)

The New Zealand Site
 
DRJ478,

I didn't even think of that consideration for register_globals being on. I am going to turn them off right now. Thanks!

relax.gif


Keep up to date with my 2003 NHL Playoffs Wallpaper
 
oh thanks xor, i actually did use post and $_post, hehe, but i tend to use $_get when i test my script, so i know what's going on. thanks anyway.


ff
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top