[Scottish] problems with php header function with my ISP

ray scottish at mailman.lug.org.uk
Sun Apr 27 15:09:01 2003


On Saturday 26 April 2003 22:16, Tam McLaughlin wrote:
> header ("Location:  
> http://cgi.tammclaughlin.force9.co.uk/cgi-bin/question_type.php?question=1&
>quizname=$quizname") or die ("Can't go to location ");

I think that this might be the "global variables" gotcha.  It depends on which versions of PHP are being used, but the default behaviour tightened up with 4.2.  The explanation is in the default php.ini:

-------------------x--x---------------------
; Whether or not to register the EGPCS variables as global variables.  You may
; want to turn this off if you don't want to clutter your scripts' global scope
; with user data.  This makes most sense when coupled with track_vars - in which
; case you can access all of the GPC variables through the $HTTP_*_VARS[],
; variables.
;
; You should do your best to write your scripts so that they do not require
; register_globals to be on;  Using form variables as globals can easily lead
; to possible security problems, if the code is not very well thought of.
register_globals = Off

; This directive tells PHP whether to declare the argv&argc variables (that
; would contain the GET information).  If you don't use these variables, you
; should turn it off for increased performance.
register_argc_argv = On
----------------x--x-----------------------

You should explicitly declare/retrieve $question and $quizname from the $_GET array (although better to use the POST method). E.g. something like:
	$question = $_GET['question']; $quizname = $_GET['quizname'];

The alternative, which might not be available on force9's hosts, is to set
	register_globals = On
in /etc/php.ini.  But this allows anyone to pass any variable value to your form by manipulating the URL.

--  
  rayH
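
An added example, not part of the original post: one way to do the retrieval described above with register_globals = Off, validating both values before they reach the Location header. The URL is a placeholder, and the function name build_redirect, the 64-character limit and the allowed-character pattern are assumptions; it needs PHP 5.3 or later.

```php
<?php
// Added example. Assumes register_globals = Off and PHP 5.3+.
// QUIZ_URL is a placeholder, not the poster's host.
const QUIZ_URL = 'http://www.example.com/cgi-bin/question_type.php';

/**
 * Validate the two request parameters and build the redirect target.
 * Returns null when either parameter is missing or malformed.
 */
function build_redirect(array $params)
{
    $question = isset($params['question']) ? $params['question'] : null;
    $quizname = isset($params['quizname']) ? $params['quizname'] : null;

    // question must be a positive integer; anything else is rejected.
    $question = filter_var(
        $question,
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );
    if ($question === false || $question === null) {
        return null;
    }

    // quizname is limited to letters, digits, underscore and hyphen, so
    // CR/LF or other header-breaking characters never reach header().
    if (!is_string($quizname)
        || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $quizname)) {
        return null;
    }

    // http_build_query() URL-encodes the values; '&' is passed explicitly
    // so the result does not depend on arg_separator.output in php.ini.
    $query = http_build_query(
        array('question' => $question, 'quizname' => $quizname),
        '',
        '&'
    );
    return QUIZ_URL . '?' . $query;
}

$target = build_redirect($_GET);
if ($target === null) {
    header('HTTP/1.1 400 Bad Request');
    exit('Missing or invalid question/quizname');
}
header('Location: ' . $target);
exit; // stop here so nothing else runs after the redirect is sent
```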