[opensuse] global_variable of the apache2 dissapears since SuSE10.2?
Dear my friends...
I create a very simple script in html and php as a first step. I use suse, apache2, mysql and php.
I wonder why this script does not work:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">
<title>Guru - Virtual bookstore who understands you for those want to be a GURU</title>
</head>
<body>
Help us for statistic data collection for increasing our service by 'filling our guestbook'.<br>
<form action="cgi/cgibukutamu.php" method="post">
<table>
<tr><td align="right">Name: </td><td align="left"><input type="text" name="tfnama"></td></tr>
<tr><td align="right">Location: </td><td align="left"><input type="text" name="tflokasi"></td></tr>
<tr><td align="right">E-Mail: </td><td align="left"><input type="text" name="tfemail"></td></tr>
<tr><td align="right">URL: </td><td align="left"><input type="text" name="tfurl"></td></tr>
<tr><td align="right">Comments: </td><td align="left"><input type="text" name="tfkomentar"></td></tr>
<tr><td align="right"><input type="submit"></td><td align="left"><input type="reset"></td></tr>
</table>
</form>
</body>
</html>
The value of "tfnama" is empty.
cgi/cgibukutamu.php
<html>
<table>
<tr><td></td><td></td></tr>
<tr><td align="right">Name</td><td align="left"><?php echo "$tfnama" ?></td></tr>
</table>
</html>
I had a look the into the "/etc/apache2" but I didn't find any "global_variable" switch as I used to find in httpd.conf
"
suseonthelap:/etc/apache2 # grep -n -r "global_variable" ./*
suseonthelap:/etc/apache2 #
"
I got used to find "global_variable=on" line in the httpd.conf.
What should I do now? Please tell me.
--
Patrik Hasibuan
On Thu, 26 Jul 2007, Patrik Hasibuan wrote:- <snip>
The value of "tfnama" is empty. cgi/cgibukutamu.php <html>
<!-- Add these lines here --> <?php $tfnama=$_POST['tfnama']; ?> <!-- and it'll extract the value for tfnama so you can use it -->
<table> <tr><td></td><td></td></tr> <tr><td align="right">Name</td><td align="left"><?php echo "$tfnama" ?></td></tr> </table> </html>
I had a look the into the "/etc/apache2" but I didn't find any "global_variable" switch as I used to find in httpd.conf
Since I have only a little knowledge of PHP, I didn't know if any "global variables" exist. I assumed they wouldn't, as by keeping then, they're going to have to be passed to every worker as they are started, and that is going to take up extra resources. However, I've learnt something new today and, that PHP does have global variables. As I suspected, there is a performance issue with having them enabled, and there's also a possible security issue, which hadn't occurred to me.
" suseonthelap:/etc/apache2 # grep -n -r "global_variable" ./* suseonthelap:/etc/apache2 # "
I got used to find "global_variable=on" line in the httpd.conf.
I've searched the apache2 config files for 9.0, 9.3 and 10.0, and none of them have that in them. However, in the file /etc/php5/apache2/php.ini there are these lines: ; - register_globals = Off [Security, Performance] ; Global variables are no longer registered for input data (POST, GET, cookies, ; environment and other server variables). Instead of using $foo, you must use ; you can use $_REQUEST["foo"] (includes any variable that arrives through the ; request, namely, POST, GET and cookie variables), or use one of the specific ; $_GET["foo"], $_POST["foo"], $_COOKIE["foo"] or $_FILES["foo"], depending ; on where the input originates. Also, you can look at the ; import_request_variables() function. ; Note that register_globals is going to be depracated (i.e., turned off by ; default) in the next version of PHP, because it often leads to security bugs. ; Read http://php.net/manual/en/security.registerglobals.php for further ; information. and: ; You should do your best to write your scripts so that they do not require ; register_globals to be on; Using form variables as globals can easily lead ; to possible security problems, if the code is not very well thought of. register_globals = Off
What should I do now? Please tell me.
Use $_POST['']; or $_GET['']; to get the values instead. Regards, David Bolt -- Member of Team Acorn checking nodes at 100 Mnodes/s: www.distributed.net RISC OS 3.11 | SUSE 10.0 32bit | SUSE 10.1 32bit | openSUSE 10.2 32bit RISC OS 3.6 | SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit TOS 4.02 | SUSE 9.3 32bit | | openSUSE 10.3a6 32bit -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Wow..... you expanded my knowledge....
My problem has been solved. Thank you very much, David.
===
On Wed, 25 Jul 2007 23:59:53 +0100
David Bolt
opensuse@opensuse.org
--
Patrik Hasibuan
David Bolt escribió:
However, I've learnt something new today and, that PHP does have global variables. As I suspected, there is a performance issue with having them enabled, and there's also a possible security issue, which hadn't occurred to me.
This is the most infamous and dangerous PHP feature and should not be used, it is disabled by default since PHP 4.2.0 and nowdays does not exists anymore (removed in PHP6 which is under development) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Cristian Rodriguez R.
-
David Bolt
-
Patrik Hasibuan