Im having a strange problem...

I have moved a few sites to a new server, and suddently the forms have stopped working.

The forms were working fine on all my other severs but on this one the content that is filled in online on the form is not included in the mails i get.

Have any of you seen this problem before?

Ive pretty sure its not a scripting problem, ive tried with several scripts, all with the same result.

I really need your help here - so pls get back to me if you've got the slightest idea :)

thanks

Ah this one again

Let me guess you are trying to call a form field called 'test' via $test and it doesn't work?

Try calling it as $_POST['test']

The method of calling variables such as this was changed in php 4.1.0 and set to the new method by default in PHP 4.2.0.

http://www.php.net/manual/en/language.variables.predefined.php

EDIT: Well it seems someone answered just before me...


Regards,
Michael

Originally posted by michaeln
EDIT: Well it seems someone answered just before me...

:cool:

Actually register globals is what I meant to put. However seeing as I only got a few hours of sleep safe mode seems to have come out instead. Which I suppose in a certain light that would be safe mode... LOL

Originally posted by Rich2k
Ah this one again

Let me guess you are trying to call a form field called 'test' via $test and it doesn't work?

Try calling it as $_POST['test']

The method of calling variables such as this was changed in php 4.1.0 and set to the new method by default in PHP 4.2.0.

http://www.php.net/manual/en/language.variables.predefined.php

Why was this done?
If my shared enviroment is upgraded all 100,000+ lines of code I've written on my site would become dead and useless...

When was this a standard for coding in forms?
What is the difference btwn accessing $stupid_var and $_GET['stupid_var'] or $_POST['stupid_var']?
Why didn't they make the new version backword compatiable?

Well the server owner can go into the php.ini file and turn register_globals on.

Originally posted by michaeln
Well the server owner can go into the php.ini file and turn register_globals on.

Is there a command I can place in a header.php file that will turn on this option during the execution of my script...?

No only your server admin can change this directive.

It has been possible to use this method since PHP 4.1.0 when they informed programmers they were going to change it.

It has been done as a matter of security and here is the answer direct from the PHP.net manual

By turning off the ability for any user-submitted variable to be injected into PHP code, you can reduce the amount of variable poisoning a potential attacker may inflict. They will have to take the additional time to forge submissions, and your internal variables are effectively isolated from user submitted data.

While it does slightly increase the amount of effort required to work with PHP, it has been argued that the benefits far outweigh the effort.

In saying that however, most hosts I have come across still run PHP with Register_globals turned on... however I suspect that eventually they will turn it off as well.... however the default PHP installation setting is to turn it off.

Originally posted by Studio64

Why was this done?


Well before let's say you wanted to get the data from a cookie called lets say "qwe" you would simply use the variable $qwe but imagine if someone wanted to mess up with your script and find security holes he would be able to type Page_Name.php?$qwe=fake_cookie_data. It could make serious security holes when you think of logins and use cookies and such...

And it still makes it securer even if you do have register globals on if you program correctly... e.g.

$cookievar = $_COOKIE['cookievar']

That way no one can fake a cookie using a query string.