PHP; $_GET and POST data.

On most versions of PHP I have used (that I have not installed myself), variables are automatically populated when the page is loaded (i.e. variables in the address line or POST variables from forms ect.). However, at the moment on the copy of PHP4 I have just installed, I am required to use the $_GET command (or variation) to get the variables from the last page or address line.

Is there an option in php.ini to make it automatically grab these variables?

Thanks in advance.

4 Replies

I have found the problem.

For anybody that's interested, in php.ini there is an option called: 'register_globals'. By default, the line is:

register_globals = Off

you must change this to:

register_globals = On

I apologize for the waste of a thread.

Actually, register globals does something else and is not the solution.

$GET, $POST, $SESSION, $REQUEST, $_SERVER, $GLOBALS, etc. are called "superglobals" variables and are always available and populated since PHP v4.1.0 whenever there is a request made to the page in question.

Register globals (which is an old method of php programming and NOT recommended) will transform each parameter from a GET or POST http query query string to a PHP variable … meaning:

If you requested "index.php?user=john&location=atlanta" then inside index.php you will have available 2 variables: $user which value is the string "john" and $location which value is "atlanta".

This method of programming is not recommended for various security reasons as well as bad way of programming (there are hundreds of pages writton on "register globals" in php). You can read what the php developers have to say: http://php.net/manual/en/security.registerglobals.php. Register globals should be always turned off which in fact is stated in the ini file also just above it. From the php.ini file:
> ; - register_globals = Off [Security, Performance]

; Global variables are no longer registered for input data (POST, GET, cookies,

; environment and other server variables). Instead of using $foo, you must use

; you can use $_REQUEST["foo"] (includes any variable that arrives through the

; request, namely, POST, GET and cookie variables), or use one of the specific

; $GET["foo"], $POST["foo"], $COOKIE["foo"] or $FILES["foo"], depending

; on where the input originates. Also, you can look at the

; importrequestvariables() function.

; Note that register_globals is going to be depracated (i.e., turned off by

; default) in the next version of PHP, because it often leads to security bugs.

; Read http://php.net/manual/en/security.registerglobals.php for further

; information.

Instead, you should always use the superglobals. So, for the example above, inside index.php, instead of using $user and $location you would always access your data from $GET['user'] and $GET['location'].

All paramters passed in the query string when you called the page (like i wrote it above) are available in $GET. When you write a form with "method=post" then the form's elements' name become indexes of the $POST array (see http://us2.php.net/manual/en/language.v … ternal.php">http://us2.php.net/manual/en/language.variables.external.php)

This is a very basic part of PHP that you should get a strong grip on before advancing and building interactive web pages. Check out the php manual about this for more details … the user comments available on each page of the online manual are usually worth reading. You can start here http://us2.php.net/manual/en/language.v … efined.php">http://us2.php.net/manual/en/language.variables.predefined.php .. further links can be found on that page about each superglobal.

Cheers

Actually, I do use $_GET, except a lot of the scripts I use (and did not write) require register-globals to be enabled.

I'll definitely consider what you've said though.

Since you have some apps that need it and some that don't, rather than turn it on for all, you can leave register globals globally off in php.ini and then include

phpflag registerglobals On

in httpd.conf only when you need it for a virtual host or directory. I think it can go in a .htaccess too.

Cheers

Ross

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct