Code not working after server move

Posted on 2007-08-05
Last Modified: 2013-11-05
I was unfortantly caught in the Valueweb SNAFU (they crashed multiple servers durning a move).  So I am trying to bring my site back up on a new Linux server (hosted by server beach) from a backup.

I have all of the files up, but some of my forms are not working.
The form:
Calls to the DB and populates the boats (so that works fine) but when you hit the submit button, the next pages loads with no information.  So it looks like my POST didn't work.

Is there something I need to set up on the new server to get that to work?
Question by:CyberRazz32
    LVL 15

    Expert Comment

    is the web request (POST) actually including the info it should?  Use wireshark to capture the web request if you are not sure (
    LVL 2

    Expert Comment

    The problem is that the old web hosting company had register globals turned on.  The new place has them turned off (which is a good thing).  Turning them off helps improve security.

    As a quick fix,  you should add this line of code to the top of your scripts:

    foreach ($_REQUEST as $k=>$v) {$$k=$v;}

    This will get you back on your feet again.  Then you should learn why people turn register globals off...  then you should learn about how to correctly program in an environment where register globals are turned off.  You should do that sooner rather than never but in the meantime,  the foreach command above will get your code working again.
    LVL 4

    Expert Comment

    The above command will as stated get you going again, but opens a security hole in your page.

    Say I knew or guessed that your script used a variable called $valid_user and checked to see if that variable was set to true to allow something to happen. With the above fix, all I need to do to "inject" that variable into your script is to save a copy of the html for the form and edit it to include a field called valid_user with the value true before submiting it.
    This may seem to be trivial, but it can create huge holes in your sites security and is exactly the reason that register_globals should be, and often is, turned off for shared and production web servers.
    Never trust the data coming from a form or rely on specific values to be coming from it, always validate the data is of the type you expect and within any necessary numerical bounds.
    LVL 13

    Accepted Solution

    register_globals is not in itself a security hazard, provided you initiate all your variables before you try to use them. PHP allows you to get away with querying a non-initiated variable and will simply return 0 or empty. So for instance, this code here would be a risk if register_globals were turned on, and is the reason why PHP5 has them turned off by default:

        $has_access = true;

    So anyway, as long as you're careful while developing, turning register_globals back on is no security risk. If you're not willing to be careful then I just hope you don't have anything too sensitive to protect.
    LVL 13

    Expert Comment

    While I appreciate the points, I was merely contributing my .02 to the discussion about register_globals being a security risk. I believe etully deserves most, if not all, of the points on this question because he correctly identified the problem and provided a workable solution. If you solved the problem by turning register_globals on (which I realize is a much much faster fix than going through all your scripts to find out which ones were affected and modifying accordingly) then more power to you. But I was not the one to realize that this was the most likely cause of trouble. It makes sense, but again, etully was the one to point it out and deserves the credit. I merely explained why register_globals was a security risk and what can be done to program securely even when it's turned on.

    @ etully,

    If you can flag a monitor to stop by, I willingly relinquish my points to you.
    LVL 2

    Expert Comment

    MasonWolf:  Thank you for the nod.  I don't care as much about the points as I do the nod.  :)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
    These days socially coordinated efforts have turned into a critical requirement for enterprises.
    The viewer will learn how to dynamically set the form action using jQuery.
    The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now