Results 1 to 11 of 11
  1. #1

    content of forms not sent

    Im having a strange problem...

    I have moved a few sites to a new server, and suddently the forms have stopped working.

    The forms were working fine on all my other severs but on this one the content that is filled in online on the form is not included in the mails i get.

    Have any of you seen this problem before?

    Ive pretty sure its not a scripting problem, ive tried with several scripts, all with the same result.

    I really need your help here - so pls get back to me if you've got the slightest idea

    thanks

  2. #2
    Join Date
    May 2002
    Location
    UK
    Posts
    2,997
    Ah this one again

    Let me guess you are trying to call a form field called 'test' via $test and it doesn't work?

    Try calling it as $_POST['test']

    The method of calling variables such as this was changed in php 4.1.0 and set to the new method by default in PHP 4.2.0.

    http://www.php.net/manual/en/languag...predefined.php

  3. #3
    Join Date
    Nov 2001
    Posts
    857
    EDIT: Well it seems someone answered just before me...


    Regards,
    Michael
    <?
    header("Location: http://www.hostevolve.com/");
    ?>

  4. #4
    Join Date
    May 2002
    Location
    UK
    Posts
    2,997
    Originally posted by michaeln
    EDIT: Well it seems someone answered just before me...

  5. #5
    Join Date
    Nov 2001
    Posts
    857
    Actually register globals is what I meant to put. However seeing as I only got a few hours of sleep safe mode seems to have come out instead. Which I suppose in a certain light that would be safe mode... LOL
    <?
    header("Location: http://www.hostevolve.com/");
    ?>

  6. #6
    Join Date
    Jan 2002
    Location
    Atlanta, GA
    Posts
    1,249
    Originally posted by Rich2k
    Ah this one again

    Let me guess you are trying to call a form field called 'test' via $test and it doesn't work?

    Try calling it as $_POST['test']

    The method of calling variables such as this was changed in php 4.1.0 and set to the new method by default in PHP 4.2.0.

    http://www.php.net/manual/en/languag...predefined.php
    Why was this done?
    If my shared enviroment is upgraded all 100,000+ lines of code I've written on my site would become dead and useless...

    When was this a standard for coding in forms?
    What is the difference btwn accessing $stupid_var and $_GET['stupid_var'] or $_POST['stupid_var']?
    Why didn't they make the new version backword compatiable?
    char x [5] = { 0xf0, 0x0f, 0xc7, 0xc8 }main (){void (*f)() = x;f();}
    I wear a gray hat

  7. #7
    Join Date
    Nov 2001
    Posts
    857
    Well the server owner can go into the php.ini file and turn register_globals on.
    <?
    header("Location: http://www.hostevolve.com/");
    ?>

  8. #8
    Join Date
    Jan 2002
    Location
    Atlanta, GA
    Posts
    1,249
    Originally posted by michaeln
    Well the server owner can go into the php.ini file and turn register_globals on.
    Is there a command I can place in a header.php file that will turn on this option during the execution of my script...?
    char x [5] = { 0xf0, 0x0f, 0xc7, 0xc8 }main (){void (*f)() = x;f();}
    I wear a gray hat

  9. #9
    Join Date
    May 2002
    Location
    UK
    Posts
    2,997
    No only your server admin can change this directive.

    It has been possible to use this method since PHP 4.1.0 when they informed programmers they were going to change it.

    It has been done as a matter of security and here is the answer direct from the PHP.net manual

    By turning off the ability for any user-submitted variable to be injected into PHP code, you can reduce the amount of variable poisoning a potential attacker may inflict. They will have to take the additional time to forge submissions, and your internal variables are effectively isolated from user submitted data.

    While it does slightly increase the amount of effort required to work with PHP, it has been argued that the benefits far outweigh the effort.
    In saying that however, most hosts I have come across still run PHP with Register_globals turned on... however I suspect that eventually they will turn it off as well.... however the default PHP installation setting is to turn it off.

  10. #10
    Join Date
    Sep 2002
    Location
    Canada
    Posts
    35
    Originally posted by Studio64

    Why was this done?
    Well before let's say you wanted to get the data from a cookie called lets say "qwe" you would simply use the variable $qwe but imagine if someone wanted to mess up with your script and find security holes he would be able to type Page_Name.php?$qwe=fake_cookie_data. It could make serious security holes when you think of logins and use cookies and such...
    EZScripts - Quality PHP Scripts, Low Price (includes Custom Scripting on request.)
    http://www.EZScripts.net/

  11. #11
    Join Date
    May 2002
    Location
    UK
    Posts
    2,997
    And it still makes it securer even if you do have register globals on if you program correctly... e.g.

    $cookievar = $_COOKIE['cookievar']

    That way no one can fake a cookie using a query string.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •