PHP $GET_ - I need to accept any variable with out $GET_ 'VERY IMPORTANT'

I'm Migrating all my Websites from 1 server to a new 1 at a different company.  I haven't programmed any of my 90 sites to receive the variable by a GET.  They all just GET the variable from the url.  Example:

URL:
http://www.abc.com/?company=Acme

Code:
<?
$result = mysql_query("SELECT * FROM Companies WHERE ID LIKE '$company'");
?>


I don't need:

<?
$company = $_GET[company];
$result = mysql_query("SELECT * FROM Companies WHERE ID LIKE '$company'");
?>

it just automatically gets the variable.  Please help... I'll go crazy if I have to swich every page in every one of my 90 sites:(((  Thanks.

smoothcat11Asked:
Who is Participating?
 
b0lsc0ttIT ManagerCommented:
Sorry instead of global_vars it is register_globals.

bol
0
 
b0lsc0ttIT ManagerCommented:
You need to edit the php.ini file and turn global_vars to on.  See http://us.php.net/manual/en/language.variables.predefined.php for a little info on why this was changed.  Let me know if you have a question or need more info.

bol
0
 
b0lsc0ttIT ManagerCommented:
By the way, you should preparer to make the change to your code.  It was changed and will eventually be removed altogether.  I believe PHP ver 6 will not have the option to enable the global variables.

bol
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

 
glcumminsCommented:
The reason for the change is that the use of register_globals is very insecure and dangerous. Consider the following code (from http://hostprogressive.com/support/php_5_docs/security.globals.html):

<?php
// define $authorized = true only if user is authenticated
if (authenticated_user()) {
    $authorized = true;
}

// Because we didn't first initialize $authorized as false, this might be
// defined through register_globals, like from GET auth.php?authorized=1
// So, anyone can be seen as authenticated!
if ($authorized) {
    include "/highly/sensitive/data.php";
}
?>

If register_globals is enabled, a malicious user can simply craft a URL like this:

  http://www.yoursite.com/yourscript.php?authorized=true

Now the user will be considered authenticated, even though he completely bypassed your login scheme. As b0lsc0tt, you should make plans to change your code to avoid this behavior sooner, rather than later.
0
 
smoothcat11Author Commented:
Thanks for the input guys, I will close this question on Monday when  I can actually test the advise.  I want to keep it open in case I run in to anything.  Thanks again.
0
 
b0lsc0ttIT ManagerCommented:
Your welcome!  Let's us know if you have a question.

bol
0
 
b0lsc0ttIT ManagerCommented:
I'm glad I could help.  Thanks for the grade, the points and the fun question.

bol
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.