PHP incompatibilities


#1

=) hi

I had an engine working in an old host,
http://www.brasilia17.org/concretoarmado/php test/painel.php

that is like that:

<?
import_request_variables("p");
$divw = $wn * 50;
$divh = $hn * 50;
$w = $wn * $hn;
$r = rand(1, 4);
echo ('
');
if ($w < 10000)
    while ($w > 0) {
        echo ('');
        $w--;
    }
else
    echo (' número muito grande de elementos');
echo ('
');
?>

and when I moved to my new domain,
http://www.finetanks.com/painel/painel.php

the exact same file, it simply doesn’t work, nor do I get any error message. Does anybody know what can be done, or what’s going on?

thanks for any help


#2

Perhaps short php open tags aren’t enabled, replace “<?” with “<?php” and see if that helps.


#3

My guess is that you are assuming that register_globals is enabled (which is something of a security hazard). The variables you are setting in your query string should first be retrieved from the $_GET superglobal array:

$wn = $_GET['wn'];
$hn = $_GET['hn'];

If you are working with many variables, you can retrieve all of them at the same time with this:

extract($_GET);

You will encounter the same issue if you ever use HTML forms with PHP. With the method set to “post”, for example, you will need to access the form data with the $_POST superglobal array variable.


#4

It doesn’t matter with <? and <?php

both are the same

<?php is just for a stranger, that it is a PHP script and starts from there; no other difference between <? and <?php, you can use either

#5

He has import_request_variables("p"); in there, though – but that doesn’t seem to work for some reason.

I just made a test script with:

<?php import_request_variables("g"); echo $thevar; print_r($_GET); ?>

Going to test.php?thevar=asdf would just echo the number 1, rather than asdf.

Tried it with extract($_GET) and it did the same thing.

In either case, print_r($_GET) printed it correctly: Array ( [thevar] => asdf )

I never use either of those, so I’m not sure what’s up there. I always just use the $_GET['thevar'] method.




#6

it had worked with the

extract($_GET);

thanks
but why are you saying it’s a security hazard?


#7

Leaving register_globals on makes it much easier for unscrupulous types to do something called variable poisoning. Code can be injected into form or session data that could give crackers access to secure data. Of course, disabling register_globals isn’t a cure-all. You should still ensure your data is clean before, for example, passing it into a database query.


Simon Jessey | Keystone Websites
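
The variable poisoning described in the post above, shown with the `extract()` pattern suggested earlier in the thread next to an allowlisted, validated read of the same `wn` and `hn` parameters. This is an added example, not code from the thread or its participants. The `$is_admin` flag, the function names and the 1 to 99 bounds (picked so `wn * hn` stays under the original script's 10000 limit) are assumptions, and `$request` is constructed sample data standing in for `$_GET`.

```php
<?php
// Constructed request data standing in for $_GET (not from the thread).
// "is_admin" is a hypothetical extra key appended to the query string.
$request = ['wn' => '4', 'hn' => '3', 'is_admin' => '1'];

// Pattern from the thread: every request key becomes a local variable.
// extract() defaults to EXTR_OVERWRITE, so a request key named like an
// existing variable replaces that variable's value.
function panel_with_extract(array $request): array
{
    $is_admin = false;      // set by the application
    extract($request);      // request keys now shadow local state
    return ['cells' => $wn * $hn, 'is_admin' => (bool) $is_admin];
}

// Hardened form: read only the keys the script expects, and require each
// to be an integer inside a fixed range before it is used.
function read_dimension(array $request, string $key): int
{
    $value = filter_var(
        $request[$key] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99]]
    );
    if ($value === false) {
        throw new InvalidArgumentException("invalid or missing '$key'");
    }
    return $value;
}

function panel_with_allowlist(array $request): array
{
    $is_admin = false;      // no request key can reach this variable
    $wn = read_dimension($request, 'wn');
    $hn = read_dimension($request, 'hn');
    return ['cells' => $wn * $hn, 'is_admin' => $is_admin];
}

// Same constructed request through both versions, for comparison.
var_dump(panel_with_extract($request));
var_dump(panel_with_allowlist($request));

// A non-numeric dimension is refused instead of being used in arithmetic.
try {
    panel_with_allowlist(['wn' => '4abc', 'hn' => '3']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Both `register_globals` and `import_request_variables()` were removed in PHP 5.4, while `extract()` remains available, so the first function's behaviour still applies on current PHP versions.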


#8

I’ve expanded the wiki article to include an example exploit.




#9

[quote]
It doesn’t matter with <? and <?php

both are the same

<?php is just for a stranger, that it is a PHP script and starts from there; no other difference between <? and <?php, you can use either
[/quote]

How do you figure that? I disagree...

[quote]
[url=http://php.net/manual/en/ini.core.php]http://php.net/manual/en/ini.core.php[/url]
Description of core php.ini directives
short_open_tag: Tells whether the short form (<? ?>) of PHP's open tag should be allowed... if disabled, you must use the long form of the PHP open tag (<?php ?>).
[/quote]