
Previous versions of PHP (older than v5) had register_globals turned on in the php.ini file, but since PHP 5 they are disabled by default, and the word is out that starting with PHP 6, PHP will no longer support register_globals.

 

If you don't know what register_globals are, here is my take on it:

If register_globals is turned on, PHP creates (registers) a variable for everything in the globals array ($_POST, $_GET, $_SERVER...). Basically, if you have something like $_POST['myFile'], PHP will create a $myFile variable for you that holds the same value as $_POST['myFile'] (same goes for $_SERVER['php_self'] and the others that you mentioned).

 

Now the reason for PHP to remove/disable register_globals:

Let's say that I check my login using the variable $isLoggedIn. The variable is set to 1 when I enter the correct username and password and set to 0 if I don't enter the correct username and password. This variable is then used to determine what I can access (e.g. if($isLoggedIn==1){//Do something} else {//Go back to login page}). Now if register_globals is turned on and I am aware that the code uses the $isLoggedIn variable to manage access, I don't need to have the specific username and password to log in. Instead I can just call the variable in the URL and have it established (e.g. http://mysite.com/login.php?isLoggedIn=1). Now I have access to everything without logging in.

 

 

Note: there are ways to prevent people from "hacking" into your website even when register_globals are turned on, but it requires more work.

 

 

Let me know if you need more explanation,

Saf
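
The bypass described in the post above, next to a hardened version, as an added example that is not part of the original post. Current PHP has no register_globals setting, so `extract()` stands in for it here; the function names, the sample account and the `$session` array (a stand-in for `$_SESSION`) are assumptions made for illustration.

```php
<?php
// Shared credential check. The account below is constructed sample data;
// real code compares against password_hash() output with password_verify().
function credentials_ok(string $user, string $pass): bool
{
    $users = ['saf' => 'demo-password'];
    return isset($users[$user]) && hash_equals($users[$user], $pass);
}

// Vulnerable: behaves like register_globals=On. extract() turns every
// request key into a local variable, as the old ini setting did globally.
function page_vulnerable(array $get, array $post): string
{
    extract($get);   // ?isLoggedIn=1 becomes $isLoggedIn
    extract($post);  // form fields become $username and $password
    // $isLoggedIn is assigned only when a login form was submitted,
    // so on any other request the request-supplied value is still in place.
    if (isset($username, $password)) {
        $isLoggedIn = credentials_ok((string) $username, (string) $password) ? 1 : 0;
    }
    return (isset($isLoggedIn) && $isLoggedIn == 1) ? 'members area' : 'login page';
}

// Hardened: request data is read by name from the array it must come from,
// and the login flag lives in server-side session state only.
function page_hardened(array $get, array $post, array &$session): string
{
    $user = $post['username'] ?? null;
    $pass = $post['password'] ?? null;
    if (is_string($user) && is_string($pass)) {
        $session['isLoggedIn'] = credentials_ok($user, $pass);
    }
    // $get is never consulted for authentication state.
    return ($session['isLoggedIn'] ?? false) === true ? 'members area' : 'login page';
}

$forgedGet = ['isLoggedIn' => '1'];  // constructed: login.php?isLoggedIn=1
$login     = ['username' => 'saf', 'password' => 'demo-password'];
$session   = [];                     // stand-in for $_SESSION

echo 'vulnerable, forged URL: ', page_vulnerable($forgedGet, []), "\n";
echo 'hardened, forged URL:   ', page_hardened($forgedGet, [], $session), "\n";
echo 'hardened, real login:   ', page_hardened([], $login, $session), "\n";
```

Run from the PHP CLI, the forged request reaches the members area only in the vulnerable function; the hardened one returns the login page until valid credentials are posted.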
