Written by Ian on Friday 02/02/07
Upgrading PHP version on a server here has revealed some surprise issues and problems - the upgrade jumped from v2 to v5 skipping v3 and v4. Here are some hints and tips about what we had to change.
Most importantly is that the GET mechanism has been made more secure. When loading one PHP page from another, it used to be possible to pass over variables that were automatically in scope in the new page. This does not work anymore. Let me explain...
Say you had a form which could submit a value called $IP when you click. The new target page, say test.php, would be loaded using the GET mechanism, and the URL would appear:
In the past, $IP would now be defined inside test.php and would have the value that was passed over. This no longer happens. In PHP5 you need to explicity decide what variables you want to GET inside test.php *as well* as pass them from the previous page in the normal way.
So inside test.php you can accomplish that quite easily for the example given with:
You will find this works well, and is an easy conversion from earlier versions of PHP.
But better by far is the use of sessions. When you start a session, you can register a set of global variables that will be carried to subsequent pages. A good tutorial on that is found here.
Another thing to beware of is the PHP initialisation settings, probably found here:
You can of course edit this by hand. Most important if you are doing any type of file handling (which most people would be) are probably the entries under
; Fopen wrappers ;
Just ensure that you have the following - possibly insecure (if you are not careful) line set:
allow_url_fopen = On
What is being careful? Mostly making sure that nobody from the outside world can specify a filename which you write to or read from. Just think if someone were able to read (or worse, to write to) the system password file!!