+- iDevGames Forums (http://www.idevgames.com/forums)
+-- Forum: Development Zone (/forum-3.html)
+--- Forum: Programming Languages & Scripting (/forum-8.html)
+--- Thread: Quick PHP question... (/thread-9947.html)
Quick PHP question... - sealfin - Mar 21, 2012 07:23 PM
Greetings
Ages ago I threw together a few PHP scripts for the web-page of a member of my family; the scripts retrieve data from a MySQL database, the data retrieved determined by the content of a parameter passed to the scripts in the URL (no, the content of the parameter is not a SQL command 
)A few weeks ago the scripts broke; data is still being retrieved from the database by the scripts, but it is the data retrieved by default when no parameter has been passed to the scripts - except a parameter is being passed to the scripts.
Eg. I threw together the following test; given the code:
Code:
<?php
echo( $p );
print( $p );
printf( "%d", $p );
if( $p == 7 ) echo( "seven" ); else echo( "not seven" );
$p = 21;
echo( $p );
?>And given the URL test.php?p=7, I would expect the output to be:
Quote:777seven21
Instead, the output is:
Quote:0not seven21
Is my understanding of the functionality of parameters in PHP incorrect - and if my understanding is incorrect, how did the scripts function correctly for years?
Or have changes to PHP changed the functionality of parameters?
(The version of PHP installed is 5.2.17; I'm afraid I don't know if this has changed recently...)Or is there some other explanation...?
(Annoyingly, an install of WordPress on the same server seems to function correctly...)
RE: Quick PHP question... - skyhawk - Mar 21, 2012 08:26 PM
$p = $_GET['p'];
(as far as I am aware, your previous code should have never worked in a million years)
RE: Quick PHP question... - PowerMacX - Mar 21, 2012 08:58 PM
(Mar 21, 2012 08:26 PM)skyhawk Wrote: (as far as I am aware, your previous code should have never worked in a million years)
A ridiculously dangerous (now deprecated) "feature" from php was that it actually did work just like that.
http://www.php.net/manual/en/ini.core.php#ini.register-globals
http://www.php.net/manual/en/security.globals.php
RE: Quick PHP question... - sealfin - Mar 22, 2012 06:18 AM
(Mar 21, 2012 08:26 PM)skyhawk Wrote: $p = $_GET['p'];
Thanks skyhawk
I hadn't touched PHP in at least two years (and obviously I wasn't fluent in it to begin with 
) so I had no idea where to begin looking for a solution...(Mar 21, 2012 08:26 PM)skyhawk Wrote: (as far as I am aware, your previous code should have never worked in a million years)
As PowerMacX wrote, the code functioned (and for at least six years); and whilst PowerMacX wrote that the feature of PHP I was using was "ridiculously dangerous", I wasn't concerned with security when I threw together the code as no user has permission to write to the database.
RE: Quick PHP question... - wyrmmage - Mar 22, 2012 04:29 PM
I miss register_globals. It was only a security hazard if you used it incorrectly
RE: Quick PHP question... - skyhawk - Mar 22, 2012 07:30 PM
(Mar 22, 2012 04:29 PM)wyrmmage Wrote: I miss register_globals. It was only a security hazard if you used it incorrectly
you mean by having people define variables in your code that you had no control over?