I have a test server setup that I use for development purposes. It is running Ubuntu Server 11.1 and seems to work just fine when I am working locally. I have a dynamic DNS configured so I can access it from off site when I am away from the office. When accessing it remotely passing variables in the URL doesn’t process properly. I am not getting any errors, just don’t get the pages I want.
For example, one site I am working on has an index.php page that I then add /?body=somevalue to and it changes the main section to whatever is input there. Like I said, if I am local to the server then it works fine, but when off-site it just keeps refreshing the default index page. (My code is written so if no value is passed it defaults to the “home” page.
Is there some value in the Apache or some other module of the server that I need to modify to enable this to work?
Hope I explained that clearly enough.
Thanks in advance, this has bothered me for awhile but finally thought I’d post and see what I can figure out.
You’re adding /?body=somevalue after index.php? Horrors! That’s triggering Options MultiViews which should be serving the php script but with … well, NO post values because you’re using the $_GET array. If you were looking for a query string (removing the / from the query string), index.php should be able to process the $_GET or $REQUEST array for body=somevalue.
I’m also loathe to use trailing /'s as that tells browsers that they’re in a different directory level and relative links typically go to $#!T.
And I was also mistaken, it appears at no time does my local test server process that url properly. It appears to ignore the variable being passed while my live server on the web handles this exactly as it should. I am doing it this was so certain pages could be linked directly to for bookmarks and such. Queries against the database don’t pass their values through POST.
Now, anyone have any clue what server settings I need to update to get my local Ubuntu Server to handle GET requests properly?
From my experience, you either receive a GET request or a POST request. With a query string, you are making a GET request of your server.
Again, unclear. Queries against the database have NOTHING to do with POST so your question needs to be restated.
At this juncture, I believe you’ll need to provide your PHP script’s code relevant to obtaining the values of the $_GET array and making any conversion before making the query. Obviously, how you handle the query response, too, will determine whether you actually see the output.
Perhaps this is a problem for the PHP board’s team?
OK, I crossed up mentioning GET and POST. Disregarding that, pages I have written, when hosted on my “official” web server function just fine. Those EXACT same pages on my local dev server don’t. Is there a setting in Apache (or something else in the Ubuntu Server) that causes it to disregard variables passed in the URL?
OK, I’ve figured out what the issue was, but it’s brought a troubling thought to mind.
In my code I was incorrectly testing for the variable passing:
if ($variable != ’ ') { do this };
When it should have been:
if ($_REQUEST[variable] != ’ ') { do this };
What that makes me curious about now is WHY does my hosted account allow a variable to be tested when my local server requires the REQUEST portion of the declaration?
I may be using some incorrect terminology, but I think you will all get what I am saying. Should I be concerned about the configuration of my web server? Does having it process variables like that expose any security concerns I should address? And if it does, then this will be the first time that my sloppy coding would have been beneficial to me! (-:
Absolutely! Be VERY concerned! That’s “magic quotes” (it’s been a long, long time since I last saw that!) that you MUST disable or suffer hack attacks of the most trivial kind (variable injection by adding ?variable=something to a link … ANY link!). That’s been defaulted OFF for so long that I’m shocked to see it in a question here!
Thanks, I’ll try to remember to use empty() from now on.
So do I want to just disable them in my scripts? Or should I be looking at the server itself and turning it off somewhere. It’s shared hosting, but I have access to modify some PHP values.
Thanks, thought it was odd and maybe that’s why I didn’t realize what was going on since it’s been deprecated for so long.
PHP’s got a LOT of functions that are not know by many programmers (myself included). I spent several minutes looking for prepend() (it does not exist) and a Google search brought me the correct function name: auto_prepend_file. An example of this as well as the .htaccess (or vhost or php.ini) code is: