Passing Parameters to a Web Page Script
This is a discussion on Passing Parameters to a Web Page Script within the PHP Language forums, part of the PHP Programming Forums category; I posted this earlier and it disappeared from the NewsGroup I want to pass two parameters to a simple script ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-27-2004
|
|||
|
|||
Passing Parameters to a Web Page Script
I posted this earlier and it disappeared from the NewsGroup
I want to pass two parameters to a simple script running on my web server. The script "parpass.php" looks like this: <?php echo "The total number of parameters passed was: $argc \n"; echo "The parameters passed were: "; foreach (argv as $val) { echo "$val "; } echo " \n "; ?> I tried running this script by typing this in my browser window http://www.myserver.org/parpass.php parm1 parm2 The script runs but does not report any parameters Any help would be appreciated. I'm new to PHP but am getting better. Thanks to all John 
|
|
06-27-2004
|
|||
|
|||
|
Re: Passing Parameters to a Web Page Script
JD wrote:
> I posted this earlier and it disappeared from the NewsGroup > I tried running this script by typing this in my browser window> > http://www.myserver.org/parpass.php parm1 parm2 > The script runs but does not report any parameters "Parameters"? HAH! Klingon functions do not have 'parameters'. They have ARGUMENTS. And they ALWAYS WIN THEM. But seriously (ahem), there could be two issues here. 1. Assuming that your url example above is literally verbatim, you appear to be missing the required question mark before the 'parameters' and the required ampersand between them, with no spaces, thus the 'correct' way to type the url is: http://www.myserver.org/parpass.php?parm1&parm2 where 'parm1' is 'myvariable1=myvalue1' and 'parm1' is 'myvariable2=myvalue2'. 2. The more fundamental and important problem is that you really shouldn't be able to do this in the first place. Run a phpinfo.php script and look for the property called 'register_globals', which, when turned on, allows any values passed through a url to become automatically recognized as global variables by default. This is a tremendous security problem, as it allows malicious users to potentially pass all sorts of values to your script just by typing in various values in the url. Since PHP 4.2.0, this property has been turned *off* by default and you really should leave it that way. In this state, the only way you can pass values from one script to the next (or to itself, recursively,) is through forms or hyperlinks that you have coded, and the only way to retrieve those values is to use the global arrays POST, GET, and REQUEST. See the following references I posted in a previous thread on this topic: See the following errata page from Wrox for an explanation (refer to the second entry on the errata listing): http://www.wrox.com/books/errata/076...4_errata.shtml Also see the following documentation on www.php.net (be sure to scroll to the bottom of the page to the section headed 'SECURITY: NEW INPUT MECHANISM'): http://www.php.net/release_4_1_0.php Also see this page and refer to the big box headed 'Warning': http://us4.php.net/variables.predefined
|
Linear Mode
