[opensuse] Submitting parameters to php
By default submitting parameters to php is not possible. Previously, this option could be turned on by setting register_globals = On in the files /etc/php5/apache2/php.ini and /etc/php5/cli/php.ini Now, under openSuSE 13.2, these settings are still accepted, but without having any effect. Any workaround? Thanks in advance for your help! Regards, Wolfgang -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/05/2016 10:51 AM, Wolfgang Mueller wrote:
By default submitting parameters to php is not possible. Previously, this option could be turned on by setting
register_globals = On
in the files /etc/php5/apache2/php.ini and /etc/php5/cli/php.ini
Now, under openSuSE 13.2, these settings are still accepted, but without having any effect.
Any workaround?
Thanks in advance for your help!
Context please. Are you talking about an application that is running under Apache? What is it? For example, I run phpMyAdmin for my Maria databases. Any "parameters" come from the specific config for phpMyAdmin. Or, perhaps, with that example, as I have a number of databases on different machines, filling in the form on the fields on the screen. I did nothing with the file you mention to get this to work. In fact I was unaware that it even existed until you mentioned it. I thin you are over micromanaging this. Something must be very wrong with your set-up, based on this and the other thread, because I just installed Apache and it gave me the "it Works" message and I just installed phpMyAdmin and it just worked, and the same for owncloud. Perhaps I'm naive in trusting things like Yast and the people who do package this stuff for openSuse, but these seem to be common, widely used items and so I would expect them to be well worked out. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
I don't have the original email, I don't think I receive everything coming from openSUSE. Anton Aylward schreef op 05-05-2016 18:03:
On 05/05/2016 10:51 AM, Wolfgang Mueller wrote:
By default submitting parameters to php is not possible. Previously, this option could be turned on by setting
register_globals = On
in the files /etc/php5/apache2/php.ini and /etc/php5/cli/php.ini
Now, under openSuSE 13.2, these settings are still accepted, but without having any effect.
Any workaround?
Thanks in advance for your help!
If I take it correctly register_globals is for certain $_SERVER[] variables to be put in the main namespace, isn't that everything? I can look it up but I thought that is what it was. What I mean is that $_GET parameters and its ilk are accissable straight by their names, such that $_GET['id'] will translate to $id. But what I hear you say is that you cannot get to those parameters. However you should still be able to get them with $_GET or $_PUT or whatever. Right? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Wolfgang Mueller wrote:
By default submitting parameters to php is not possible.
Wolfang, can you explain what you mean by "submitting parameters to php"? As we are in apache mode, parameters to php are usually specified on the URL: http://your.site/phpscript?parm1=wolfgang&parm2=anton You access those through $_GET[]
Previously, this option could be turned on by setting
register_globals = On
Register_globals is gone as of php 5.4.0. -- Per Jessen, Zürich (20.2°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/05/16 19:08, Per Jessen wrote:
Wolfgang Mueller wrote:
By default submitting parameters to php is not possible.
Wolfang, can you explain what you mean by "submitting parameters to php"? As we are in apache mode, parameters to php are usually specified on the URL:
This URL gives an excellent example of what I mean with "submitting parameters to php": The data submitted to phpscript are: $parm1 = "wolfgang"; $parm2 = "anton";
You access those through $_GET[]
So, if I understand you well, I have to write $_GET["parm1"] and $_GET["parm2"] instead of simply $parm1 and $parm2. Is that correct?
Previously, this option could be turned on by setting
register_globals = On
Register_globals is gone as of php 5.4.0.
That's a pity because the $_GET[] syntax is a little bit lengthy. Anyway, thanks a lot. Bye, Wolfgang -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Wolfgang Mueller wrote:
On 05/05/16 19:08, Per Jessen wrote:
Wolfgang Mueller wrote:
By default submitting parameters to php is not possible.
Wolfang, can you explain what you mean by "submitting parameters to php"? As we are in apache mode, parameters to php are usually specified on the URL:
This URL gives an excellent example of what I mean with "submitting parameters to php": The data submitted to phpscript are:
$parm1 = "wolfgang"; $parm2 = "anton";
You access those through $_GET[]
So, if I understand you well, I have to write $_GET["parm1"] and $_GET["parm2"] instead of simply $parm1 and $parm2. Is that correct?
Yep, that is correct.
Previously, this option could be turned on by setting
register_globals = On
Register_globals is gone as of php 5.4.0.
That's a pity because the $_GET[] syntax is a little bit lengthy. Anyway, thanks a lot.
Are you new(ish) to PHP? I've been using PHP on apache for maybe ten years and I've never used "register_globals", I've always considered it a bad practice. -- Per Jessen, Zürich (15.1°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
tOn 05/05/16 20:59, Per Jessen wrote:
Are you new(ish) to PHP? I've been using PHP on apache for maybe ten years and I've never used "register_globals", I've always considered it a bad practice.
No, I'm an old PHP user, since 2001 or so. The fact that I'm not familiar with $_GET[] has historical reasons, I try to line out briefly. Since in PHP 3 and PHP 4.0 (before 2003), parameters could be submitted directly, I had got used to this (bad) style of programming. But in PHP 4.2 this did not work anymore, but there was the workaround of setting "register_globals = On". So, I could keep my old programming style until now. Vices are durable. ;) This afternoon, I have found a simple trick to use $_GET[] without reprogramming the whole scripts. It is just sufficient to put a line in the beginning of ever script that attributes the values submitted in the URL to the homonymous variable: $param1 = $_GET["param1"]; $param2 = $_GET["param2"]; etc. I already tested it with three scripts, and it seems to work pretty well. Good night, Wolfgang -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
2016-05-05 22:28 Wolfgang Mueller:
This afternoon, I have found a simple trick to use $_GET[] without reprogramming the whole scripts. It is just sufficient to put a line in the beginning of ever script that attributes the values submitted in the URL to the homonymous variable:
$param1 = $_GET["param1"]; $param2 = $_GET["param2"]; etc.
I already tested it with three scripts, and it seems to work pretty well.
You beg for punishment, don't you? :) I hope those scripts are not accessible from the web. Or that they don't run on a host where productive data is kept. Taking input without sanity checks is... dangerous. I am glad that the insane construction of old times, where every input parameter was taken directly into a variable, is abandoned. You never knew if some hacker set a variable to some unexpected value simply by adding it to the URL. Werner -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am 07.05.2016 um 11:02 schrieb Werner Flamme:
2016-05-05 22:28 Wolfgang Mueller:
This afternoon, I have found a simple trick to use $_GET[] without reprogramming the whole scripts. It is just sufficient to put a line in the beginning of ever script that attributes the values submitted in the URL to the homonymous variable:
$param1 = $_GET["param1"]; $param2 = $_GET["param2"]; etc.
I already tested it with three scripts, and it seems to work pretty well.
You beg for punishment, don't you? :) I hope those scripts are not accessible from the web. Or that they don't run on a host where productive data is kept. Taking input without sanity checks is... dangerous.
... I thought the same on first sight. But then again, as he uses his old scripts I guess the adequate tests will follow using his variable names. With just "$param1 = $_GET["param1"];" as much as I know nothing can happen. Important is what follows, i.e. how he uses these variables, and I guess he id not put these things in the post to not bloat it... Daniel -- Daniel Bauer photographer Basel Barcelona http://www.daniel-bauer.com room in Barcelona: https://www.airbnb.es/rooms/2416137 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op donderdag 5 mei 2016 20:59:46 CEST schreef Per Jessen:
Wolfgang Mueller wrote:
On 05/05/16 19:08, Per Jessen wrote:
Wolfgang Mueller wrote:
By default submitting parameters to php is not possible.
Wolfang, can you explain what you mean by "submitting parameters to php"? As we are in apache mode, parameters to php are usually specified on the URL:
This URL gives an excellent example of what I mean with "submitting
parameters to php": The data submitted to phpscript are: $parm1 = "wolfgang"; $parm2 = "anton";
You access those through $_GET[]
So, if I understand you well, I have to write $_GET["parm1"] and $_GET["parm2"] instead of simply $parm1 and $parm2. Is that correct?
Yep, that is correct.
Previously, this option could be turned on by setting
register_globals = On
Register_globals is gone as of php 5.4.0.
That's a pity because the $_GET[] syntax is a little bit lengthy. Anyway, thanks a lot.
Are you new(ish) to PHP? I've been using PHP on apache for maybe ten years and I've never used "register_globals", I've always considered it a bad practice. A big +1 from me.
-- Gertjan Lettink, a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (7)
-
Anton Aylward
-
Daniel Bauer
-
Knurpht - Gertjan Lettink
-
Per Jessen
-
Werner Flamme
-
Wolfgang Mueller
-
Xen