QUERY_STRING not being carried over ??

[Nickalf]

Hi Scripters,

 

I just installed a newer Ubuntu Distro and my dataBase readouts stopped working.

 

I tried a simple test URL/TestForDb.php?dBase=RENJ&Name=Test without success

and also tried the same as a FORM with both GET and POST

 

Any ideas why php would stop accepting data sent to it ?

 

<HTML><head><TITLE>Test Access</TITLE></head>
<Body>
<h1>Testing</h1>

<?php
print "dBase=[$dBase] Name=[$Name]\n";
?>

</Body></html>

 

All I get is:

Testing

dBase=[] Name=[]

 

Thanks,

Nickalf. . .

[PFMaBiSmAd]

Where in your code are you setting the variables $dBase and $Name from the corresponding $_GET variables?

[PFMaBiSmAd]

Longer answer - the posted code relies on register_globals to "magically" populate program variables from external GET variables.

 

Register_globals also "magically" allowed hackers to set variables in your script that you expected to come from session variables. Register_globals have been OFF by default since April 2002 (7 full years ago) in php4.2 because of this huge security hole. They have been completely removed in php6.

 

No web host, tutorial, script, book, xAMP package, php distribution, development system, or php developer should still have them on or rely on them at this point in time in the year 2009.

 

If you are new to php programming, you should only know how to use $_POST/$_GET/$_SESSION/$_COOKIE/$_SERVER variables and if you have been programming in php for any length of time you should be fully aware of the problems caused by register_globals and know not to use them. This is not exactly a secret.

 

I continue to be amazed that we are still seeing problems and wasted time caused by register_globals 7 years after the fact.