Problem with the Discussion Forums code

**Banfa** · Feb 28 '06, 12:34 PM

Hi,

the problem is that the code you are using has been written assuming that the register_global s php configuration option is on and the PHP server you are using it on has the register_global s php configuration option set to off.

Having register_global s on is a security issue as it can make it easy to subvert the intention of a php script ( see here ).

The script is trying to access the variable $PHP_SELF, this is a registered global from the global variable $_SERVER['PHP_SELF'], you have 2 choices at this point

Change the php code to use the super global arrays ($_SERVER, $_POST, $_GET etc)
Switch on the register_global s option in you php server (this option used to be automatically on but from php 4.2.0 was changed to automatically off because of the security implications) ( see here )

**Tetsuo** · Feb 28 '06, 12:42 PM

Yes i understand,

but how can i change the $php_self with a $get or something like that...
and what about the undefinded variable $action i don't see the definission of this one anywhere

**Banfa** · Feb 28 '06, 01:15 PM

What I suggest that you do is donwload the PHP documentation from www.php.net as some of these questions could easily be answered by looking or searching in that.

As I already said $PHP_SELF is the registered variable from the super global $_SERVER['PHP_SELF'], you can find all the other available variables at http://www.php.net/manual/en/reserved.variables.php

I am assuming that your little error with $action is either an infomational or a warning message (PHP produces 3 levels of messages ERROR, WARNING and INFORMATION). It is normal to have INFORMATION messages switched off (particularly on a live server) however I have them switch on on my development server and so that I can remove these informational warnings as this makes the code more robust.

I am also guessing that this will not stop your code running however it will need editing.

In the code $action is a registered global for $_POST['action'] so you need to make this substitution. However this wont get rid of the warning message because the first time through the variable $_GET['action'] does not exist. If fact the purpose of the if statement

if ($action=="add_ two") {
...
}
else
{
...
}

is specifically to see if $action is set, if it is set then it uses the posted data to create a new topic, otherwise it displays a page to allow the user to input the data for a new topic.

You could remove the warning message by testing existence of the variable first using the function isset ( see here ). Applying this change and the change to use super global variables the code becomes

if ( isset($_POST['action']) && $_POST['action']=="add_two") {
...
}
else
{
...
}

Problem with the Discussion Forums code

Problem with the Discussion Forums code

Comment

Comment

Comment