brown2005 Posted February 23, 2009 Share Posted February 23, 2009 if(!isset($page))$page="home"; switch($page) { case "home":$file="files/home.php"; break; case "test":$file="files/test.php"; break; } i have this code for changing pages, and i asked in a previous post about why it would work in one site and not in another, and i was told to switch on register globals, which i have seen a few times, as should be off, but how would i get around the above code, if i have them off Quote Link to comment Share on other sites More sharing options...
revraz Posted February 23, 2009 Share Posted February 23, 2009 Where do you set the $page variable? Is it from a URL or from a FORM POST? Quote Link to comment Share on other sites More sharing options...
brown2005 Posted February 23, 2009 Author Share Posted February 23, 2009 if i understand correctly. index.php?page=whateverpage here and this is the page i want to load. Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted February 23, 2009 Share Posted February 23, 2009 Never turn on register globals To make your code work, you need to use the correct superglobal array, in this case $_GET <?php $page = (isset($_GET['page']))?$_GET['page']:'home'; switch($page) { case "home": $file="files/home.php"; break; case "test": $file="files/test.php"; break; } ?> Ken Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted February 23, 2009 Share Posted February 23, 2009 i was told to switch on register globals I hope that was not on this forum! Quote Link to comment Share on other sites More sharing options...
brown2005 Posted February 23, 2009 Author Share Posted February 23, 2009 i was told to switch on register globals I hope that was not on this forum! no, i mean i wasnt told to turn them on.. i was told Probably the fact the one has register globals off (recommended) and one has them on (frowned upon). but i turned them on. which i now know was a no no. Quote Link to comment Share on other sites More sharing options...
killah Posted February 23, 2009 Share Posted February 23, 2009 What's wrong with register global's on if i may ask? Quote Link to comment Share on other sites More sharing options...
revraz Posted February 23, 2009 Share Posted February 23, 2009 Easy to inject your own variables as a hacker. Quote Link to comment Share on other sites More sharing options...
premiso Posted February 23, 2009 Share Posted February 23, 2009 but i turned them on. which i now know was a no no. Turn them off and fix your code to work properly. It is a security risk having them on and they will soon be left out (I think PHP6 you can no longer turn them on/off). Read up on them at http://www.php.net/register_globals Basically instead of accessing the variable with just $varname it would be $_GET['varname']. It is a very basic and easy change/fix to any code, just some people are to lazy to take the hour or so it may take to fix their variable declarations. EDIT: Security risk, potentially anyone can gain authenticated access to a site if the site is not coded properly by declaring variables. For example $_SESSION['loggedin'] is what a bunch of people use. If they just access this by $loggedin I just pass page.php?loggedin=true and wham I am authenticated. (Given that they did not code for this which if register_globals is on the chances are high.) Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted February 23, 2009 Share Posted February 23, 2009 That's not a statement that is telling you to turn them on. Why do I hope it was not on this forum, because register_globals was the worst security hole that was intentionally and deliberately added to a programming language. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.