me1000 Posted February 12, 2007 Share Posted February 12, 2007 so i had this working a few hours ago, and to my knowledge i havnt changed anything! so why doesnt it work??? :'( if ($cmd =="search" && $before == "" ) { header( 'Location: http://www.site.com/3rd_ani_template/V2/template.php?type=html&page=search&before=yes&cmd=search&words='.$words.'&mode='.$mode.'&submit='.$submit ) ; }else{ echo "it doesnt work"; } the url when i goto that page is http://www.site.com/3rd_ani_template/V2/template.php?cmd=search&words=Search+some+word...&mode=normal&submit=Search so the if statement should see that "cmd = search" and that "before" is not defined, so it will redirect it to the same URL but defining the "before" variable in the URL. therefore showing the search page, where it would not be shown before! Thanks, Quote Link to comment Share on other sites More sharing options...
Jessica Posted February 12, 2007 Share Posted February 12, 2007 Change it to $before = trim($_GET['before']); and use if(strlen($before) == 0) Quote Link to comment Share on other sites More sharing options...
me1000 Posted February 12, 2007 Author Share Posted February 12, 2007 nope, that didnt work. its outputting the same thing as before... assuming I got the code write, here is what i have now, $before = trim($_GET['before']); if ($cmd =="search" && (strlen($before) == 0) ) { header( 'Location: http://www.site.com/3rd_ani_template/V2/template.php?type=html&page=search&before=yes&cmd=search&words='.$words.'&mode='.$mode.'&submit='.$submit ) ; }else{ echo "still not working"; } Quote Link to comment Share on other sites More sharing options...
Jessica Posted February 12, 2007 Share Posted February 12, 2007 Which is? is $cmd being defined? Quote Link to comment Share on other sites More sharing options...
redarrow Posted February 12, 2007 Share Posted February 12, 2007 <?php if ($cmd =="search" || $before == "" ) { header( 'Location: http://www.site.com/3rd_ani_template/V2/template.php?type=html&page=search&before=yes&cmd=search&words='.$words.'&mode='.$mode.'&submit='.$submit ) ; }else{ echo "it doesnt work"; } ?> Quote Link to comment Share on other sites More sharing options...
Yesideez Posted February 12, 2007 Share Posted February 12, 2007 Add this immediately before the IF statement: echo "cmd=$cmd<br />before=$before<br />words=$words<br />submit=$submit<br />"; Try that and copy and paste what you get back although this might tell you what the problem is in itself. Quote Link to comment Share on other sites More sharing options...
me1000 Posted February 12, 2007 Author Share Posted February 12, 2007 Which is? is $cmd being defined? cmd should be defined in the redirect, but its the "before" that isnt being defined, at all, the "else" is just there to tell me that one of the 2 conditions was not met. this is the URL after the redirect, http://www.site.com/3rd_ani_template/V2/template.php?cmd=search&words=Search+some+words&mode=normal&submit=Search redarrow || is or, both statements need to be true for it to redirect, and why i do an or, it my browser goes into an redirect loop! The code i used for you yesideez is as follows, echo "cmd=".$cmd."<br />before=".$before."<br />words=".$words."<br />submit=".$submit."<br />"; for the URL http://www.site.com/3rd_ani_template/V2/template.php?cmd=search&words=Search+StarTrek4u...&mode=normal&submit=Search and I got this back, cmd= before= words= submit= That doesnt make any since! Quote Link to comment Share on other sites More sharing options...
redarrow Posted February 12, 2007 Share Posted February 12, 2007 <?php if (($cmd =="search" )&&($before == "" )) { header( 'Location: http://www.site.com/3rd_ani_template/V2/template.php?type=html&page=search&before=yes&cmd=search&words='.$words.'&mode='.$mode.'&submit='.$submit ) ; }else{ echo "it doesnt work"; } ?> Tell me it it works ok. Quote Link to comment Share on other sites More sharing options...
me1000 Posted February 12, 2007 Author Share Posted February 12, 2007 <?php if (($cmd =="search" )&&($before == "" )) { header( 'Location: http://www.site.com/3rd_ani_template/V2/template.php?type=html&page=search&before=yes&cmd=search&words='.$words.'&mode='.$mode.'&submit='.$submit ) ; }else{ echo "it doesnt work"; } ?> Tell me it it works ok. nope, that didnt work. Quote Link to comment Share on other sites More sharing options...
Jessica Posted February 12, 2007 Share Posted February 12, 2007 You're trying to use your script as if register_globals was on. It's not. you need to get the variables, like I did in my example. Quote Link to comment Share on other sites More sharing options...
me1000 Posted February 12, 2007 Author Share Posted February 12, 2007 You're trying to use your script as if register_globals was on. It's not. you need to get the variables, like I did in my example. im almost positive it is, I had to tell my host to turn it on when i moved, I dont think they changed it... However, I may know why it isnt on... ill check with my host! Quote Link to comment Share on other sites More sharing options...
redarrow Posted February 12, 2007 Share Posted February 12, 2007 <?php if (($_GET['cmd'] =="search" )&& strlen($before == 0 )) { header( 'Location: http://www.site.com/3rd_ani_template/V2/template.php?type=html&page=search&before=yes&cmd=search&words='.$words.'&mode='.$mode.'&submit='.$submit ) ; }else{ echo "it doesnt work"; } ?> Quote Link to comment Share on other sites More sharing options...
Jessica Posted February 12, 2007 Share Posted February 12, 2007 No...don't do that - fix the script! Register Globals should never be on, it's a security hazard and it leads to poor coding practices, like the script here. Quote Link to comment Share on other sites More sharing options...
Yesideez Posted February 12, 2007 Share Posted February 12, 2007 cmd= before= words= submit= Did you put that before the if statement? If your URL is being populated then that lot shouldn't have come back empty. Quote Link to comment Share on other sites More sharing options...
me1000 Posted February 12, 2007 Author Share Posted February 12, 2007 ok, well thanks for pointing that out, im interested in how it is dangerous! the problem was the register_globals Quote Link to comment Share on other sites More sharing options...
redarrow Posted February 12, 2007 Share Posted February 12, 2007 When on, register_globals will inject your scripts with all sorts of variables, like request variables from HTML forms. This coupled with the fact that PHP doesn't require variable initialization means writing insecure code is that much easier. It was a difficult decision, but the PHP community decided to disable this directive by default. When on, people use variables yet really don't know for sure where they come from and can only assume. Internal variables that are defined in the script itself get mixed up with request data sent by users and disabling register_globals changes this. link http://uk.php.net/register_globals Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.