Reputation: 337
Could be any propagation of $_GET variabiles in a short way?
I'm editing a website made form another programmer, i see he uses short php tags
<? instead of <?php
or
<?= instead of <?php echo
is there any way to assign $_GET variabiles in a short way?
I see he is using $id instead of $_GET['$id']
i'm changing domain on his website from www.mydomain.com to www.yourdomain.com/folder
The problem brons in this circumstance, in a page with this address:
www.yourdomain.com/folder/foto.php?id=http://www.yourdomain.com/folder/img/imagename.jpg
He retrives the id variable in this way:
foto.php:
<html>
<head>
<title></title>
<meta content="">
<style></style>
</head>
<body bgcolor="Black">
<?
session_start();
include "config.php";
$id=strip_tags($id);
?>
<table align="center"><tr><td>
<img src="<?=$id?>" align="left" border="0">
</td></tr></table>
</body>
</html>
config.php:
<?
$db_host = "??.??.??.??";
$db_user = "??????";
$db_password = "?????";
$db_name = "?????";
//db connect
$conn = @mysql_connect($db_host,$db_user,$db_password)
or die
("connection error");
$db = @mysql_select_db($db_name,$conn);
?>
But it only works on the old domain, in the new domain it cannot retrive the $id variable!
I know that if i change $id with $_GET['$id'] the problem is solved, but i can't figure out how it can work in the old domain!
Old Domain = PHP 4.4.9
New Domain = PHP 5.3.28
Upvotes: 0
Views: 96
Answers (1)
Reputation: 4611
That variable is available because the register_globals directive is enabled in php.ini.
A basic explanation:
register_globals registers $_REQUEST super global array elements as variables. For example if you submit a value in a form, via POST or GET request methods, with an input field name id, PHP will automatically register a variable $id and assign it value of the input field id.
This is what you're seeing at your old domain.
In newer versions of PHP this is disabled by default (and now removed) because it allows anyone to inject variables into your script.
According to the PHP manual this directive is removed as of version 5.4 but it's been turned off by default for considerably longer.
Upvotes: 2
Related Questions
- Beautiful way to remove GET-variables with PHP?
- Php global $_GET variable
- Variable Variable for $_GET
- get variables in php
- php get variable $_get
- _GET in PHP for variable with multiple values
- Option besides using $_GET
- Passing parameters via GET to any url in universal way
- Lots of $_GET's in one script
- $var instead of $_GET['var'] in PHP?