GET variable not being passed? 
Author Message
 GET variable not being passed?

Hey all!
I have a function that I am calling via the following method:
http://www.*-*-*.com/
In blah.php I'm doing a check 'if empty($f)' and it's always returning
true because, for a reason I can't determine, the value of 'f' is not
getting passed in.
I'm brand new to PHP but I though it was supposed to automatically
handle the GET variables?  Am I wrong about this?  What must I do?
Thanks for any help!


Fri, 05 Aug 2005 22:35:59 GMT  
 GET variable not being passed?

Quote:

> I have a function that I am calling via the following method:
> http://blah.com/blah.php?f=blah
> In blah.php I'm doing a check 'if empty($f)' and it's always returning
> true because, for a reason I can't determine, the value of 'f' is not
> getting passed in.

Recent versions of PHP have 'register_globals' off.

Try using $_GET['f'] instead of $f

--
Chris



Fri, 05 Aug 2005 22:43:36 GMT  
 GET variable not being passed?

Quote:

> Hey all!
> I have a function that I am calling via the following method:
> http://blah.com/blah.php?f=blah
> In blah.php I'm doing a check 'if empty($f)' and it's always returning
> true because, for a reason I can't determine, the value of 'f' is not
> getting passed in.
> I'm brand new to PHP but I though it was supposed to automatically
> handle the GET variables?  Am I wrong about this?  What must I do?
> Thanks for any help!

PHP used to handle GET variables that way. Now (unless register_globals
is enabled in php.ini) you should use $_GET['f'] for gets, $_POST['f']
for posts and using $_REQUEST['f'] is a combination of both $_GET and
$_POST. Also note that all automatic globals are now set inside these
'superglobals'. Look up super globals on php.net.

--
Ryan



Fri, 05 Aug 2005 22:45:01 GMT  
 GET variable not being passed?



Quote:
> Hey all!
> I have a function that I am calling via the following method:
> http://blah.com/blah.php?f=blah
> In blah.php I'm doing a check 'if empty($f)' and it's always returning
> true because, for a reason I can't determine, the value of 'f' is not
> getting passed in.
> I'm brand new to PHP but I though it was supposed to automatically
> handle the GET variables?  Am I wrong about this?  What must I do?
> Thanks for any help!

It used to work that way, and you can still make it to work that way, but
there is a security risk, and I advice you to do it the following way:

$f = $_GET["f"];

More information about get and post:
http://www.php.net/manual/en/tutorial.forms.php

More information about security:
http://www.php.net/manual/en/security.registerglobals.php



Fri, 05 Aug 2005 23:42:47 GMT  
 GET variable not being passed?

Quote:



>>Hey all!
>>I have a function that I am calling via the following method:
>>http://blah.com/blah.php?f=blah
>>In blah.php I'm doing a check 'if empty($f)' and it's always returning
>>true because, for a reason I can't determine, the value of 'f' is not
>>getting passed in.
>>I'm brand new to PHP but I though it was supposed to automatically
>>handle the GET variables?  Am I wrong about this?  What must I do?
>>Thanks for any help!

> It used to work that way, and you can still make it to work that way, but
> there is a security risk, and I advice you to do it the following way:

> $f = $_GET["f"];

And what difference is this to having register_global = On where the
supposed security risk is?

IMHO, there is no security risk with register_globals. The risk lies
entirely in the programmer. It doesn't matter if register_globals is on
or off if you _never_trust_user_input_ and validate all data and
initialize all variables before use. You should do this all the time -
it's a pain at first trying to remember, but after a while you will find
yourself doing it without thinking.

If you are using someone else's project, either find something else, or
fix it and submit the changes. Doing "fixes" like above doesn't take any
risks away, it simply gives a chance for the risk to survive.

--

PHP POSTERS: Please use comp.lang.php for PHP related questions,
              alt.php* groups are not recommended.



Sat, 06 Aug 2005 02:28:54 GMT  
 GET variable not being passed?



Quote:
> And what difference is this to having register_global = On where the
> supposed security risk is?

> IMHO, there is no security risk with register_globals. The risk lies
> entirely in the programmer. It doesn't matter if register_globals is on
> or off if you _never_trust_user_input_ and validate all data and
> initialize all variables before use. You should do this all the time -
> it's a pain at first trying to remember, but after a while you will find
> yourself doing it without thinking.

Ok, you are right, but I still advice keeping the register globals off. Just
in case. Little more security doesn't hurt you, right? It is just a little
precaution to eliminate human made errors.


Sat, 06 Aug 2005 03:10:15 GMT  
 GET variable not being passed?

Quote:



>>And what difference is this to having register_global = On where the
>>supposed security risk is?

>>IMHO, there is no security risk with register_globals. The risk lies
>>entirely in the programmer. It doesn't matter if register_globals is on
>>or off if you _never_trust_user_input_ and validate all data and
>>initialize all variables before use. You should do this all the time -
>>it's a pain at first trying to remember, but after a while you will find
>>yourself doing it without thinking.

> Ok, you are right, but I still advice keeping the register globals off. Just
> in case. Little more security doesn't hurt you, right? It is just a little
> precaution to eliminate human made errors.

That's why I test with these settings:
short_open_tag = Off
output_buffering = Off
allow_call_time_pass_reference = Off
error_reporting  =  E_ALL
display_errors = On
log_errors = On
register_globals = Off
magic_quotes_gpc = Off
magic_quotes_runtime = Off

That way I can catch damn near everything on just this server. (Then I
move on to the next server - different platform/settings/web server, etc.)

--

PHP POSTERS: Please use comp.lang.php for PHP related questions,
              alt.php* groups are not recommended.



Sat, 06 Aug 2005 04:07:49 GMT  
 GET variable not being passed?
Hum, I don't know if this would work, append : '&REMOTE_ADDR=foo' or
something like that to the url. Perhaps the use of $_SERVER['REMOTE_ADDR']
in your script make sure that the value of $REMOTE_ADDR come from the server
variable, not from another source.

Just my 2cents.



Quote:

> And what difference is this to having register_global = On where the
> supposed security risk is?

> IMHO, there is no security risk with register_globals. The risk lies
> entirely in the programmer. It doesn't matter if register_globals is on



Sat, 06 Aug 2005 05:39:00 GMT  
 
 [ 8 post ] 

 Relevant Pages 

1. openMP: threadprivate not effected and function variables not passed

2. I am not getting group messages

3. dpsh/dpwish arguments not getting passed

4. I am not deaf, but am I mute?

5. Geoip installed but not getting environment variables

6. php variables not passing through

7. session not passing variable

8. db variables not being passed

9. config xitami/php: variables not passed

10. Variable not passing in HTML form to PHP sendmail script

11. trouble with iis not passing variables

12. Variable Not Passed With $_SERVER['PHP_SELF']

 

 
Powered by phpBB® Forum Software