Issue of upgrading from to 5.x

Here's a little problem I'm just discovering.

The issue has been brought to my attention by a couple of my clients when
their mail() replies were suddenly turning up with zero variable content.

I have several html/php contact/subscribe forms which return a mail reply to
the web site owner. These have recently been turning up with none of the
variables being picked up from the html form. The mail() library is still
sending the reply correctly. All the material is hosted on commercial ISP web
servers. A couple of them have clearly upgraded to PHP 5.x recently.

When a user fills out the form and presses the submit button the process page
picks up the variables from the input and mails the output back to the site
owner. Recently some of these replies have started to show up with the
variables not being picked up. On looking through the official PHP
documentation it would seem to be an issue of the change in the use of
globals being turned off by default in 5.x onwards. I found an example of a
function in the documentation to include that simulates globals being turned
on but this does not seem to be working as expected.

While this is a very simple (and possibly only a bit irritating) problem the
nightmare scenario for me is that I have a great many files (read several Ks)
that rely on the same functionality, as the access to several MySql
databases. I have very quickly tested a couple of these database constructs
on one of the hosting sites where the mail() forms have failed and the
database constructs do not work either. I really would prefer not to have to
spend the whole of the next year re-writing all these files especially as
this work is all voluntary.

Now if these very simple html form / php processing structures are now going
to fail by not retrieving the variables what are we supposed to do to create
web site contact forms or data entry pages for database access. I have tried
constructing the forms as hybrid php/html and included the function noted
above and this did not work either. In fact on one of the servers running the
upgrade even logging on to the database construct froze at the first
processing page. I think that either this
header("Location: adminhome.php");
exit(); failed to trigger or the "session_register();" failed.raised

Any suggestions advice would be most welcome.

I have included an example snippet of code from one of the mailback forms that
has been working correctly for several years.

A snippet of example code--------
The Form:
Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

Re: Issue of upgrading from to 5.x

Chris Streatfield wrote:
> Here's a little problem I'm just discovering.
>
> The issue has been brought to my attention by a couple of my clients when
> their mail() replies were suddenly turning up with zero variable content.
>
> I have several html/php contact/subscribe forms which return a mail reply to
> the web site owner. These have recently been turning up with none of the
> variables being picked up from the html form. The mail() library is still
> sending the reply correctly. All the material is hosted on commercial ISP web
> servers. A couple of them have clearly upgraded to PHP 5.x recently.
>
> When a user fills out the form and presses the submit button the process page
> picks up the variables from the input and mails the output back to the site
> owner. Recently some of these replies have started to show up with the
> variables not being picked up. On looking through the official PHP
> documentation it would seem to be an issue of the change in the use of
> globals being turned off by default in 5.x onwards. I found an example of a
> function in the documentation to include that simulates globals being turned
> on but this does not seem to be working as expected.

Hi Chris,

Don't worry; globals have not been disabled. However, what you're
referring to (registering input data as global variables) has been
disabled by default since PHP 4.2. It has always been possible to
disable it (and for a long time, recommended to disable it) via the
register_globals ini directive, and it's still possible to enable it
using register_globals.

However: like I said, it's not recommended. It's a security risk, and
registering input data as global variables will be removed entirely in
PHP 6. As of PHP 5.3 it is officially deprecated.

Have a look at the following page in the documentation for more
information on this:

http://www.php.net/manual/en/ini.core.php#ini.register-globa ls

In a case like yours, I'd recommend leaving register_globals disabled
and either fixing your scripts, or prepending an included file which
would gather the needed data from $_GET, $_POST, or $_REQUEST, sanitize
it, and *then* create the needed global variables using that data. This
second option would likely require the fewest changes to your existing
scripts.


Regards,

Torben

> While this is a very simple (and possibly only a bit irritating) problem the
> nightmare scenario for me is that I have a great many files (read several Ks)
> that rely on the same functionality, as the access to several MySql
> databases. I have very quickly tested a couple of these database constructs
> on one of the hosting sites where the mail() forms have failed and the
> database constructs do not work either. I really would prefer not to have to
> spend the whole of the next year re-writing all these files especially as
> this work is all voluntary.
>
> Now if these very simple html form / php processing structures are now going
> to fail by not retrieving the variables what are we supposed to do to create
> web site contact forms or data entry pages for database access. I have tried
> constructing the forms as hybrid php/html and included the function noted
> above and this did not work either. In fact on one of the servers running the
> upgrade even logging on to the database construct froze at the first
> processing page. I think that either this
> header("Location: adminhome.php");
> exit(); failed to trigger or the "session_register();" failed.raised
>
> Any suggestions advice would be most welcome.
>
> I have included an example snippet of code from one of the mailback forms that
> has been working correctly for several years.
>
> A snippet of example code--------
> The Form:
> > Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
>
>
>
>
>
>
>