Making form code work without register_globals

[Neo-dark]

hey all

I have a form on my website,which 3 variables ontop a script
1.) Domainname
2.) User
3.)Password

I am trying to pass these variables to the script with a small form.

I know it works when I have Globals,when I turn it off it says it didn't get the domainname; Of course this is true because he doesnt pass the data to the script.

Is there a way to turn on globals for just those 2 files? Or a way to make it work without?

[manavo11]

How is your code exactly? The form should have a method (get or post) and an action (file where you get redirected and data is sent). In the other file (what you specified in the action attribute of the form earlier), you use :

Code:

<?php echo $_GET['input_name']; ?>

Code:

<?php echo $_POST['input_name']; ?>

Is this what you mean?

[penagate]

register_globals is a very bad idea. Use manavo's suggestions instead.

[manavo11]

penagate, if I'm not mistaken, isn't it automatically disabled in newer versions of PHP?

[penagate]

It's disabled by default from version 4.2.0 onwards, and removed in version 6.0.0.

[Neo-dark]

penagate, if I'm not mistaken, isn't it automatically disabled in newer versions of PHP?

Its disabled from version 5.0 yes,I turned it on for testing purposes but now I cannot get the script to work without.
Also; In 6.0 it will be completely gone so I would like a way to make it work.
I'll post the script tonight, I think I have a clue on how to do it now though.

[manavo11]

It would be best to make it work without globals, and make sure they are always disabled. I've seen some amusing bugs caused by globals

[Matt_T_hat]

The best way to develop php is to turn off as much as you can but push error reporting to the max so even tiny matters of style give errors. It's a nightmare for a little while (I can still remember some of the novel swearwords that came to mind) but after a while you find you are producing very robust and portable code without thinking about it too much.

Register globals simple takes the content of the following arrays

$_GET, $_POST, $_COOKIE ($_SERVER ?)

and puts them as global variables so $_GET['bob'] becomes $bob but so does $_POST['bob'], $_COOKIE['bob'] ...

This can realy hurt you if you use a variable lets call it $fred and $fred starts out without any value. If $fred does something powerful like say exec($fred) or mysql_query($fred) or something like that I could pass data like this:

yourscript.php?fred=DROP * WHERE 1=1;

or something just as nasty.

Worse yet you might have a value $logged in that is set to 1 when the user logs in or 2 if the user is admin.

yourscript.php?logged=2

this would make me an admin with the register globals switched on.

I mention all this because when I started php people would rant at me about never turn register globals on and I had no idea what they were talking about. I know now and I know why but back then I was "what's the harm?"

Hope that tips you in the right direction.