Results 1 to 7 of 7

Thread: PHP people out there?

  1. #1

    PHP people out there?

    An error occurred

    Unknown(): Your script possibly relies on a session side-effect which existed
    until PHP 4.2.3. Please be advised that the session extension does not consider
    global variables as a source of data, unless register_globals is enabled. You
    can disable this functionality and this warning by setting session.bug_compat_42
    or session.bug_compat_warn to off, respectively.

    This is the problem Im getting using this instant web mail script I always used before with no problem. Its since I upgraded to 9.1 drake and got PHP 4.3, now I cant use this anymore....any help?

  2. #2

    Re:PHP people out there?

    How is it working with the session? Does it use $_SESSION or an older way of working with session variables?

  3. #3

    Re:PHP people out there?

    Sorry but I really dont know php at all, just use it for some things b/c downloading a php script is so easy =) Let me give ya the link for it

    Basically its a little tar ball, you untar in your web dir, and point your browser to it. I have an older version that gives me that error, and the newer one on the site just doesnt respond to anything....

  4. #4
    Join Date
    Apr 2002

    Re:PHP people out there?

    perhaps you may want to try turning register_globals on (even though it is theoretically unsafe and leaves some decent size security holes in the system....) but just to see if it works with them on, edit your php.ini file and change the line
    register_globals = Off
    register_globals = On
    Then see if that makes a difference.

  5. #5

    Re:PHP people out there?

    Thanks! I actually had to edit the file php.ini-dist , but it worked. So how bad of a security issue is this? I mean its not like I have a high-traffic website or anything mind you.

  6. #6
    Join Date
    Apr 2002

    Re:PHP people out there?

    well, the security risk really depends upon the php scripts being run. With global's on a variable can be passed to the script using any method (post, get, etc.) where as with it off the variable is looked for coming from a specific method. So for example, you have something like:

    $SQL = "SELECT * FROM table WHERE number = 7"

    and run it against a database, this is all well and good, but with globals on, the user could go to yourscript.php?SQL="DELETE * FROM table" and that SQL will be run, okay so that's a bad example since the variable would be written over, but you get the idea, your code can easily be turned against you.

    If you write your scripts with this in mind though, you should be fairly safe.

  7. #7

    Re:PHP people out there?

    related to security/sql thing. if the $SQL = line was in an if statement, and you could make that if statement false, then you pass SQL and it works. something like:
    if(!$SQL) {
      $SQL = "SELECT * FROM tables";
    then if SQL is set it will not set it, because lets say you thought it might be set from an included file. but instead one could set it with register globals by just foo.php?SQL=bar

    i hope that wasn't too confusing...

Similar Threads

  1. Hello People
    By hosea in forum General Chat
    Replies: 2
    Last Post: 12-08-2007, 12:06 PM
  2. Hi people
    By MrTempleDene in forum General Chat
    Replies: 1
    Last Post: 11-21-2007, 10:37 PM
  3. When people don't believe you.
    By mojo jojo in forum General Chat
    Replies: 12
    Last Post: 06-01-2005, 04:18 AM
  4. Do people want to work or what?
    By tolstoy in forum General Chat
    Replies: 43
    Last Post: 04-14-2004, 06:58 AM
  5. Stupid people...
    By boblucci in forum General Chat
    Replies: 13
    Last Post: 03-19-2004, 02:34 AM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts