...

View Full Version : well....what am I doing wrong ?



c q
08-06-2002, 04:31 PM
U ppl really have to bear with me. I'm famous for making looots of stupid
errs.
Well, here's the latest.
Suppose I got a standard template called cbit.php, that,lets say looks
like...

<HTML>
<BODY>
<?php
include($HTTP_GET_VARS[target]);
?>
</BODY>
</HTML>

Ok, and I got another page, with some links. What I'm trying to do is to
pass the variable 'target' (which contains the requested filename) on to
cbit.php here's part of that code..
file : some.php

<a href='cbit.php?target="some_vague_file.php"'>Some Vague File</a>

I juss cant get why this doesn't work ! It keeps flashing err 'Use of
undefined constant target - assumed constant 'target' in E:/cbit/cbit.php
on line 43. Actually from what I understand, isn't $target supposed to
fetch the value too ?
But when I replaced the code with a simple print($HTTP_GET_VARS[target]);
still gave the same err, but also displayed the correct contents of that
variable. I even tried passing the absolute address using urlencode, but no
use.

Suggestions ???

-Niharica.

ScottBP
08-06-2002, 06:08 PM
Here is what I did:

file: aaa.php contents:
<?PHP
echo"here is aaa";
?>

file: inc.php contents:
<?PHP
include($inc_file);
?>

file links.php contents:
<a href="inc.php?inc_file=aaa.php">File aaa</a>

This seems to work, in your example I would try to change
include($HTTP_GET_VARS[target]);
=TO=
include($target);

I hope this helps,

Scott

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scott Pier
ScottBP@amalla.com
Amalla International
http://www.amalla.com
For all your Internet Needs

Íkii
08-06-2002, 06:31 PM
security notes:

It is considered sensible to hardcode a partial path to the include files within the calling tag - this stops people exploring your documents remotely. ie, I could type in the url bar the following
"inc.php?inc_file=../../usr/pwd/password.txt" and if my script had guessed a filename I'd be reading your hidden files.

It also might be an idea to set a default value for $target

index.php

if($HTTP_GET_VARS) {extract($HTTP_GET_VARS); }
$path = '/subfolder/';
if(!isset($target) || $target=="") {$target = "home.php";}
include($path.$target);

as to the linking bit

echo '<a href="index.php?target='.$target.'">';

Celtboy
08-07-2002, 05:42 PM
your problem is really caused by the disabling of vars passed in the stream.

c q
08-08-2002, 08:40 AM
actually....I found that I juss had to set register globals 'on' in the php.ini file
now it works like magic :D

mordred
08-08-2002, 03:07 PM
That's a workaround, your initial problem comes from the use of an undefined constant as the key to retrieve a value from $HTTP_GET_VARS.

I suppose you have the error reporting set to E_ALL. Then you'll receive the particular error message you wrote any time you do



$HTTP_GET_VARS[target];


which is incorrect, correct form would be



$HTTP_GET_VARS["target"];


See the difference? As to the where and why, it's all explained in much detail at http://se.php.net/manual/en/language.types.array.php#language.types.array.foo-bar .

Just in case you run into the same trouble again... you can't solve that generally by adjusting register_globals. ;)

c q
08-09-2002, 04:39 PM
heyyy many thanks...I never realised that...



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum