UBB.Dev
Posted By: Jamin HTTP header vars not working in PHP - 06/07/2002 9:06 PM
Ok, I am very new to PHP and MySQL, so please forgive my ignorance with this stuff. But the company I work for has appointed me to do their website, and I figure PHP/MySQL is prolly gonna be the easiest way to do it. So I'm teaching myself those languages in order to start working on it. But I'm running into problems.

I'm running Apache 2.0.36, PHP 4.2.1, and MySQL 3.23.49 all on my localhost Windows 2000 box. These work mostly fine, as far as I can tell. I can run PHP scripts (including PHPMyAdmin), connect to the database with them, etc. But my problem is, in either Apache or PHP, something is causing HTTP header information to not get sent or received correctly. Like, I make a form and attempt to send all the fields via GET/POST and have PHP add them all to the database, but the fields either don't get sent or don't get received correctly, regardless of whether I'm using GET or POST. Thus, nothing gets added to the database. The GET version does put all the form fields into the URL, but when the page is reloaded they do not get interpreted or something. They're just skipped over like they aren't even there.

Now, I've uploaded the script to my own actual website (which is on Linux) and it works perfectly. You can see it here - fill in the form and hit Submit, and it just echoes back what you filled in. Works fine and dandy. But it won't work on my localhost one.

So my question is, did I do something wrong with either PHP or Apache that's causing it to not use the header vars? Some configuration setting I missed, maybe? Thanks in advance for any help you can provide, it's much appreciated!!!

---Jamin
Posted By: Brett Re: HTTP header vars not working in PHP - 06/13/2002 11:26 PM
Woah, i'm having the same problem here. I'm running apache 2.0.36 and PHP 4.2.1 and no http headers vars are being sent at all for me. Everything works fine.

I don't think it'd be apache, more likely the php is misconfigured from my guess.

If anybody knows why, i'm all ears.
Posted By: Jamin Re: HTTP header vars not working in PHP - 06/15/2002 12:20 AM
Mine started working almost right after I posted that message. I dunno what the deal was. I'm having to use $_GET["varname"] (or $_POST["varname"]) instead of just $varname though. But that's what I was doing the whole time and it still wasn't working right at first for some reason. Oh well, works now so it's all good. laugh

---Jamin
Posted By: Brett Re: HTTP header vars not working in PHP - 06/17/2002 11:58 PM
i did something like that with $_GET, but in a loop.

[code][/code]
Posted By: Matt Jacob Re: HTTP header vars not working in PHP - 06/18/2002 11:40 AM
I dunno how I missed this thread before, but here's the deal. Jamin, yes, you've already found the solution, but lemme explain why it works like it does.

Somewhere around PHP 4, the developers decided to make a few changes, which affects the way global variables are handled. It's easy to fix on your dev server--just simply change one variable in your php.ini file. Find the line that says "register_globals = Off" and change it to "register_globals = On". But first, read more about this issue at the link I provided.

It's important to understand the possible security concerns when writing scripts that use form data as variables. In theory, it shouldn't make a bit of a difference to you on your local machine, but since you're copying the files over to a real server anyway, take a look. smile
Posted By: Jamin Re: HTTP header vars not working in PHP - 06/21/2002 4:34 PM
Thanks for the advice, MJ. I left that globals thing turned off on my test board, so everything is being developed with that concern in mind.

But now I've got another question: if I can't use form data as variables, how do I use it??? No tutorial or info I've ever came across says anything other than variables. And that sure seems to be the most efficient way, even if there are some security concerns. But is there some other safer way to use the form data that I should be using? How do other scripts handle it? Like, discussion boards rely on forms quite a bit, so how come we don't see everyone's vB getting hijacked by l33t 5cr1p7 k1dd13z every five minutes?

If it matters, all of my forms use POST instead of GET, which I would think would be safer because the URL query string isn't involved. And for the few things I do use the URL for (mostly telling the script which function to run, same deal as ?ubb=get_topic or what have you), I wrote myself a cute little encryptor thingy that masks the query string before sending it to the browser. It's no RC6, by any means, but it gets the job done and will tack on a few extra minutes before the would-be attacker can figure out how it works and exploit it. The other thing I've got going for me is that almost all of the forms are only in the admin cp area, which is (or will be) protected by user authentication - in theory only company employees will ever even see it, and they're not exactly the most computer-literate group of people I've came across, so I doubt there will be any hostile takeover attempts from them.

Sorry for all the questions, but like I said, I'm very new at this. And my company is very paranoid about security stuff, so I figure I may as well cover all my bases and make this thing as secure as possible. Thanks again. smile

---Jamin
Posted By: AllenAyres Re: HTTP header vars not working in PHP - 06/27/2002 9:47 PM
vb's could be hacked using variations of this. when threads went to 5.5, it was written so that it would run with globals off, partly because they had the foresight that many ISP's would be upgrading php and would leave globals off due to recommendations from the php group.
Posted By: Matt Jacob Re: HTTP header vars not working in PHP - 07/03/2002 9:10 AM
[code][/code]
© UBB.Developers