Upgrading from 4.0.4 to 4.4.9 - getting form values

[Domhnall]

Hi All

 

One of our (very old) projects is currently running on PHP version 4.0.4pl1. For reasons I won't get into here we need to upgrade our php to 4.4.9. I have noticed something very strange when submitting values in forms. Below is a code sample I made up and Ive tested on 2 machines, one running 4.0.4 and one with the 4.4.9 upgrade.

 

<?php
print "This is a test!"
print $test_field;
print $test_button;
?>

<html>
<head><title>Testing </title></head>
<body>

<form name="test_form" method="POST" action="test.php">
<input type="text" name=test_user value="<?php echo $test_user?>">
<input type=submit name=test_button value="Login">
</form>

</body>
</html>

 

If I hit submit on the 4.4.9 machine the value test_field is not set (which seems normal to me). If I do it on the 4.0.4 machine the value is set! Basically our old php app relies on the 4.0.4 behavior. Does anybody know how I can get 4.4.9 php to act like it does in 4.0.4 or a simple workaround? Otherwise im headed straight for refactor hell!

 

Any help would be greatly appreciated. In the meantime I'll continue to dig through the change lists!

 

Cheers

Dom

[wildteen88]

The problems you're facing is to do with register_globals

 

register globals has since been disabled as of PHP4.3 and is to be removed completely in the upcoming PHP6 release. register globals can cause security exploits within your code and you should update your existing scripts so they do not rely on register_globals.

 

I also strongly urge you to upgrade your current versions of PHP4 to PHP5. PHP4 is no longer supported.

[PFMaBiSmAd]

Edit: Basically the same as above ^^^^^

 

This is due to register_globals being on to "magically" populate program variables from post/get/session/cookie variables and is not really anything to do with the php version.

 

Do NOT turn register_globals on. They have been completely removed in php6. They also allow a hacker to "magically" set session variables by simply putting a GET parameter on the end of the url when they visit your page.

 

You must use the correct post/get/session/cookie variables in your code. Your form, using the POST method, will set $_POST['test_field'] and $_POST['test_button'].

 

There are also a couple of functions that don't work when register_globals are off - session_register(), session_is_registered() and session_unregister(), that must be replaced with the equivalent reference to the session variable.

 

Why did you not upgrade to the latest php5 version? Except for a very few special cases, php4 code works unchanged under php5 (given the same php.ini settings.)

[acctman]

I recommend upgrading to the lastest 4 version & 5. Your hosting or Datacenter should be able to do this for you and you can select if you want php4 or php5 to be the default for your system. Then all you have to do is create a .htaccess with (AddHandler application/x-httpd-php4  or ... 5 at the top) in the root of any site you want to use a different version other than the default.

 

That helped me out a lot when repair any old script that used a lot of php4 shorthand like <? instead of the required <?php by php5