Jump to content

php not working with register globals off

Guest groovejuice

By Guest groovejuice
in General Discussion

 Share

Recommended Posts

Guest groovejuice

Guest groovejuice

Posted
Posted

I'm using the following code to emulate a frame/iframe with php. It works as expected until I set register globals to off in htaccess. Then, none of the include pages load. I'm just teaching myself php, so forgive me if the answer is self-evident.

<?php

if (!isset($_GET['page'])) $page= 'bursaries'; 

 switch($page)

{

case 'bursaries': include ('bursaries.htm');break;

case 'board': include ('board.htm');break;

case 'agm':include ('agm.htm');break;

case 'contact':include ('contact.htm');break;

} 

?>

Link to comment
Share on other sites

Guest

Guest

Posted
Posted

I'm using the following code to emulate a frame/iframe with php. It works as expected until I set register globals to off in htaccess. Then, none of the include pages load. I'm just teaching myself php, so forgive me if the answer is self-evident.

<?php

if (!isset($_GET['page'])) $page= 'bursaries'; 

 switch($page)

{

case 'bursaries': include ('bursaries.htm');break;

case 'board': include ('board.htm');break;

case 'agm':include ('agm.htm');break;

case 'contact':include ('contact.htm');break;

} 

?>

I think I see the problem here. Your switch statement depends on the value of $page, when what you're actually looking for is $_GET['page']. Unless you set $page to $_GET['page'] they remain two completely separate variables.

There are different ways to code this, but I usually set the values of the simple variables (e.g., $page) at the top of my script so that I don't get cross-eyed looking at them later. So what you need to do is to set $page to the value of $_GET['page']. For example:

if (isset($_GET['page'])) $page = $_GET['page'];

else $page= 'bursaries';

Now $page should be what you're expecting (the value sent in the URL or the default page).

Link to comment
Share on other sites
Guest groovejuice

Guest groovejuice

Posted
Posted

Thanks Zap, I appreciate your help. I'll give it a shot. I'm curious as to why the original code works only with register globals on, though.

Link to comment
Share on other sites
Guest

Guest

Posted
Posted

Thanks Zap, I appreciate your help. I'll give it a shot. I'm curious as to why the original code works only with register globals on, though.

Well that's the difference between register_globals on and off. When register_globals is on all of the variables that PHP finds in the URL, form posts, sessions, and cookies are "registered" (meaning they are automatically available globally using their simple name, e.g. $page). When register_globals is off variables found in those sources are only available when you specify their source (_GET from the URL, _POST from forms, _COOKIE from cookies, _SESSION from the session, and _REQUEST from any of those places).

So this just means that when you want to use a variable from one of those sources when register_globals is off you need to look for it where you expect to find it (in one of the predefined arrays above). This keeps hackers from injecting global variables into your script in ways that you don't expect (usually via the query string in the URL, but also in form posts, etc.), so it is far more secure. All that coders need to do in order to adjust to this change is to take into account where these variables come from (see example above).

You can find out more about register_globals here.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...