slushpuppie Posted January 2, 2009 Share Posted January 2, 2009 i'm trying to help someone fix some code we 'inherited'... i know any of you will stop reading right there, but to those that continue on: this code is not very pretty, but it's been working. and basically it seems that yesterday (new year's day) a bunch of the sites stopped working. i'm sure this is purely coincidence, but basically here is what's happening. the admin pages all go through index.php, and within index there is something like: if ($urlAction=="page_edit") include "page_edit.php"; else if ($urlAction=="page_update") include "page_update.php"; and $urlAction SHOULD BE set to $_REQUEST['urlAction']... but this appears no where in the code, also if i add in a line like $urlAction = $_REQUEST['urlAction']; above the ifelse, that part WILL work, except any time variables are supposed to be set to request variables there is no declaration i can find of it. i'm not sure what version of php this was initially built for, but it was ported over to our server and seemed to be working fine for a week or two, and then just stopped yesterday (when no one was even in working on it). is there some old deprecated way that you could set a variable named the same as the request variable without actually declaring it? like any way that $item could equal $_REQUEST['item'] without actaully setting $item equal to it somewhere? i don't see any loops that create/set variables or anything. one of the pages a form submits to has nothing but: $result = mysql_query("UPDATE customers SET BILL_TITLE='$billTitle', BILL_LAST_NAME='$billLast' .................. and a redirect. i do not see a single place that $billTitle could have been set (it is found no where else in the code at all).... banging my head against a wall here trying to figure out what the issue could be... any input would be appreciated. Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted January 2, 2009 Share Posted January 2, 2009 Sounds like all of your problems are to do with the register_globals directive. Perhaps someone finally got round to turning this off (it should be off, it's a security issue), causing you a problem. Either fix your code to work with the superglobal arrays(best method), turn them back on or write something to create local variables from all inputs (such as that found here) Quote Link to comment Share on other sites More sharing options...
slushpuppie Posted January 2, 2009 Author Share Posted January 2, 2009 that is the exact problem... thank you so much. i've never actually worked with a site utilizing register_globals on, because it's been considered "bad" since i was still in school. now i know... and i wonder how long ago this code was actually written... if it's that old or if it was just done using bad practices. Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted January 2, 2009 Share Posted January 2, 2009 Unfortunately it took an awful long time for a lot of hosts to turn the setting off due to so many older scripts relying on them and the expected nightmare of dealing with 4 billion "my site's broken" support requests. This meant it look even longer for some people to become aware that it was a bad practice - there used to be a lot of people who just thought that was how PHP worked. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.