Passing Parameters to a Web Page Script

Passing Parameters to a Web Page Script

Post by JD » Mon, 28 Jun 2004 22:39:17


I posted this earlier and it disappeared from the NewsGroup

I want to pass two parameters to a simple script running on my web server.

The script "parpass.php" looks like this:

<?php
echo "The total number of parameters passed was: $argc \n";
echo "The parameters passed were: ";
foreach (argv as $val) {
echo "$val ";
}
echo " \n ";
?>

I tried running this script by typing this in my browser window

http://www.yqcomputer.com/

The script runs but does not report any parameters

Any help would be appreciated.

I'm new to PHP but am getting better.

Thanks to all

John
 
 
 

Passing Parameters to a Web Page Script

Post by bonehea » Mon, 28 Jun 2004 23:29:28


"Parameters"? HAH! Klingon functions do not have 'parameters'. They have
ARGUMENTS. And they ALWAYS WIN THEM.

But seriously (ahem), there could be two issues here.

1. Assuming that your url example above is literally verbatim, you
appear to be missing the required question mark before the 'parameters'
and the required ampersand between them, with no spaces, thus the
'correct' way to type the url is:

http://www.yqcomputer.com/

where 'parm1' is 'myvariable1=myvalue1' and 'parm1' is
'myvariable2=myvalue2'.

2. The more fundamental and important problem is that you really
shouldn't be able to do this in the first place.

Run a phpinfo.php script and look for the property called
'register_globals', which, when turned on, allows any values passed
through a url to become automatically recognized as global variables by
default. This is a tremendous security problem, as it allows malicious
users to potentially pass all sorts of values to your script just by
typing in various values in the url.

Since PHP 4.2.0, this property has been turned *off* by default and you
really should leave it that way. In this state, the only way you can
pass values from one script to the next (or to itself, recursively,) is
through forms or hyperlinks that you have coded, and the only way to
retrieve those values is to use the global arrays POST, GET, and REQUEST.

See the following references I posted in a previous thread on this topic:

See the following errata page from Wrox for an explanation (refer to the
second entry on the errata listing):
http://www.yqcomputer.com/

Also see the following documentation on www.php.net (be sure to scroll
to the bottom of the page to the section headed 'SECURITY: NEW INPUT
MECHANISM'):
http://www.yqcomputer.com/

Also see this page and refer to the big box headed 'Warning':
http://www.yqcomputer.com/