Recently, i moved one of my websites to a different server (both are running the same version of PHP: 4.3.10) only to find out that I was not able to navigate through parts of the site or users could not fill out forms because of a small Get & Post Var problem.

On the original server, i was able to define both GET and POST variable simply by their key name (say /?username=leavethisplace i could simply use $username). However, when moving to the new server, it seemed not to like this idea, and it would mean me going through the whole site (some 50+ PHP files) and change all my GET and POST variables to $HTTP_POST/GET_VARS respectively. Is there any quick way around this? As i really don't want to have to go through all the scripts just because of a server change.

Sorry if this has been bought up before, I did try searching the site forums about this, any help would be great!

I do know a solution to your problem. Download the Textpad editor (http://www.textpad.com) or some other that allows multiple open files and trans-file replacements. You should be able to make global replacements across all your files at once. (This is found under the Find... dialog in Textpad and is very useful. I use it all the time.)

Secondly, you should be using $_POST and $_GET superglobal arrays for reading POST and GET values. The use of the $HTTP_GET_VARS and $HTTP_POST_VARS arrays is deprecated.

$HTTP_POST/GET_VARS is old, you use $_POST and $_GET now.

But in answer to your question, you can take the easy way out an re-enable register_globals (which allows you to simply use the variable name) by either setting the config value in a htaccess file, or doing some simple PHP to globalize your variables. (Most hosts won't allow you to enable it in your php.ini, so these are the only options left)

For the htaccess route, create your htaccess file and place this in it:

Code:

php_value register_globals on

For the PHP route, put this in your files:

PHP Code:

foreach( array('_GET', '_POST', '_COOKIE') AS $__superglobal__ )
{
    foreach($$__superglobal__ AS $__key__ => $__val__)
        $GLOBALS[ $__key__ ] = $__val__;

    unset($$__superglobal__);
} 


This is "reregister" your variables into the global scope.

Just a note that you should get in the habit of programming your scripts with register globals disabled, as it will force you to be more secure.

Follow Kyrnts advice.

As for the reason why it works on one host and not the other is because your first host had register_globals turned on, this allowed the use of using just the variable rather then the $_POST and $_GET arrays. Your new host has them turned off. A lot of hosts turn them off because it can pose a security risk if not used properly.

Yet another solution to this problem is using the extract ( array var_array [, int extract_type [, string prefix]] ) function to make the GET and POST superglobals act as though register globals was on.

As far as I know this is the most secure method of doing so because your not actually turning register globals on therefore the variables still have to come from a valid and trusted source.

nice work guys, thanks for the sound advice! Finally, a resource where flaming from supposed "pro's" does not happen.

Thanks for the help

Quote:

Originally Posted by cptnwinky

Yet another solution to this problem is using the extract ( array var_array [, int extract_type [, string prefix]] ) function to make the GET and POST superglobals act as though register globals was on.

As far as I know this is the most secure method of doing so because your not actually turning register globals on therefore the variables still have to come from a valid and trusted source.

Can you please explain how this method is more secure when they essentially do the same thing ? Nothing is secure about dumping all data with 'random' variable names into the global namespace. It's bad advise like this that leads to insecure scripts.

The security problem comes from not checking variables and sanatizing user input, not whether or not register globals is on (although it doesn't help).

Always remember; TRUST NOTHING.

Always code with error_reporting set to E_ALL (don't forget to switch it off when finished). This will help you find unchecked variables.

Always check your variables contain what you want and what the function expects. Throw an error to the user if they do not.