PHP function altering passed parameter before processing

I'm debugging someone's formmail script. It's using a variable which is not passed to the script from the form, and which is never set to any value. The $sort variable is first referenced in the following code, prior to which $sort has not been defined or set to any value ($list has also not been previously referenced or set to any value):

    
// sort alphabetic or prepare an order
if ($sort == "alphabetic") {
   uksort($HTTP_POST_VARS, "strnatcasecmp");
} elseif ((ereg('^order:.*,.*', $sort)) && ($list = explode(',', ereg_replace('^order:', '', $sort)))) {
   $sort = $list;
}

Open in new window


Then $sort, as far as I can tell still set to nothing, gets passed to a function:
$content = parse_form($HTTP_POST_VARS, $sort);

Open in new window


The function description starts like this:
function parse_form($array, $sort = "") {

Open in new window

and then later on in the function there is this:
if (is_array($sort)) {
   foreach ($sort as $field) {

Open in new window

Is the function really setting the $sort field to null on the way in? And then accessing the null variable as an array? The headers for the email get written and sent, but none of the form fields get sent, and I suspect this strange processing of $sort is why.

Thanks,
Lissa
TheGrlGeekAsked:
Who is Participating?
 
TheGrlGeekConnect With a Mentor Author Commented:
Hey y'all, $sort really is NULL, but that wasn't the problem. The programmer had used $HTTP_POST_VARS in the script instead of $_POST, and $HTTP_POST_VARS has been deprecated, and the PHP version on the server has been upgraded to 5. So the script wasn't picking up the form variables at all.

Thanks for the suggestion to add the var_dumps, XzKto.
0
 
XzKtoCommented:
It is better to use '===' condition where you can, '==' can give unexpected result, for example
if(0=='aaaa'){
   echo 'Equal.';
}

Open in new window

will output 'Equal.'.

I recomment to put
var_dump($sort);

Open in new window

before each operation with $sort and look what it will show.  You should put die() after
if (is_array($sort)) {
   foreach ($sort as $field) {

Open in new window

so that there will be no more output after our test output.
0
 
Chris StanyonCommented:
Any chance of seeing the whole script?
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
TheGrlGeekAuthor Commented:
Thanks, XzKto, I'll look into that tomorrow.

Chris, it's possible, I'll ask the client Monday.
0
 
TheGrlGeekAuthor Commented:
As I suspected the $sort is NULL everywhere. This version of the script has some var_dumps in it. Those are the only things I added. formmail2.php
0
 
Chris StanyonCommented:
Having had a quick look at the script, I would suggest upgrading to a later version of a formmail script.

Without going through it line-for-line, it looks like it relying on REGISTER_GLOBALS to be turned on in PHP. The default used to be for this to be turned on, but nowadays PHP turns this off by default.

You script is simply checking to see if a variable called 'sort' is set, and if it is, use it. With REGISTER_GLOBALS turned on, this variable would have been available from the POSTed FORM - something like this:

<input type="hidden" name="sort" value="alphabetic"/>

With REGISTER_GLOBALS turned off, you would have to access this variable like so:

$_POST['sort']

You could try turning REGISTER_GLOBALS on (which isn't recommended) or upgrade your script to one that gets it's info from the $POST array.

0
 
TheGrlGeekAuthor Commented:
The solution was not exactly related to the question, but the Experts gave me techniques to figure it out.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.