The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
I received an email from a client saying they'd entered the minimum criteria on my booking form i.e. a contact number or email address but were receiving the following message:
Not transmitted
Error:
Please supply your Telephone number or Email address!
I had a look at the form using Dreamweaver plus tested the form online, I was baffled so decided to check the Freeola website to see if any changes had been made and was annoyed to find the following:
UPDATE 7/6/04
Following a security upgrade, a change has been made to our PHP configuration to switch register_globals OFF. This basically means that statements such as:
echo $my_variable_name;
will no longer function correctly. There is a simple resolution to this problem in the form of some code that should be inserted into the top of your page. Here are some examples:
If the variable you are trying to access is passed via the URL string:
$my_variable_name=$_GET["my_variable_name"];
If the variable you are trying to access is passed via a form post operation:
$my_variable_name=$_POST["my_variable_name"];
If the variable you are trying to access is a server environment variable:
$my_variable_name=$_SERVER["HTTP_HOST"];
The code in my form is:
if ($tel == "" && $email == "")
{
echo "Not transmitted";
echo "
Error:
Please supply your Telephone number or Email address!
Click on the BACK button on your browser to return to the form";
}
else
{
echo "Successfully transmitted";
Not transmitted
Error:
Please supply your Telephone number or Email address!
I had a look at the form using Dreamweaver plus tested the form online, I was baffled so decided to check the Freeola website to see if any changes had been made and was annoyed to find the following:
UPDATE 7/6/04
Following a security upgrade, a change has been made to our PHP configuration to switch register_globals OFF. This basically means that statements such as:
echo $my_variable_name;
will no longer function correctly. There is a simple resolution to this problem in the form of some code that should be inserted into the top of your page. Here are some examples:
If the variable you are trying to access is passed via the URL string:
$my_variable_name=$_GET["my_variable_name"];
If the variable you are trying to access is passed via a form post operation:
$my_variable_name=$_POST["my_variable_name"];
If the variable you are trying to access is a server environment variable:
$my_variable_name=$_SERVER["HTTP_HOST"];
The code in my form is:
if ($tel == "" && $email == "")
{
echo "Not transmitted";
echo "
Error:
Please supply your Telephone number or Email address!
Click on the BACK button on your browser to return to the form";
}
else
{
echo "Successfully transmitted";
Page:
I received an email from a client saying they'd entered the minimum criteria on my booking form i.e. a contact number or email address but were receiving the following message:
Not transmitted
Error:
Please supply your Telephone number or Email address!
I had a look at the form using Dreamweaver plus tested the form online, I was baffled so decided to check the Freeola website to see if any changes had been made and was annoyed to find the following:
UPDATE 7/6/04
Following a security upgrade, a change has been made to our PHP configuration to switch register_globals OFF. This basically means that statements such as:
echo $my_variable_name;
will no longer function correctly. There is a simple resolution to this problem in the form of some code that should be inserted into the top of your page. Here are some examples:
If the variable you are trying to access is passed via the URL string:
$my_variable_name=$_GET["my_variable_name"];
If the variable you are trying to access is passed via a form post operation:
$my_variable_name=$_POST["my_variable_name"];
If the variable you are trying to access is a server environment variable:
$my_variable_name=$_SERVER["HTTP_HOST"];
The code in my form is:
if ($tel == "" && $email == "")
{
echo "Not transmitted";
echo "
Error:
Please supply your Telephone number or Email address!
Click on the BACK button on your browser to return to the form";
}
else
{
echo "Successfully transmitted";
Not transmitted
Error:
Please supply your Telephone number or Email address!
I had a look at the form using Dreamweaver plus tested the form online, I was baffled so decided to check the Freeola website to see if any changes had been made and was annoyed to find the following:
UPDATE 7/6/04
Following a security upgrade, a change has been made to our PHP configuration to switch register_globals OFF. This basically means that statements such as:
echo $my_variable_name;
will no longer function correctly. There is a simple resolution to this problem in the form of some code that should be inserted into the top of your page. Here are some examples:
If the variable you are trying to access is passed via the URL string:
$my_variable_name=$_GET["my_variable_name"];
If the variable you are trying to access is passed via a form post operation:
$my_variable_name=$_POST["my_variable_name"];
If the variable you are trying to access is a server environment variable:
$my_variable_name=$_SERVER["HTTP_HOST"];
The code in my form is:
if ($tel == "" && $email == "")
{
echo "Not transmitted";
echo "
Error:
Please supply your Telephone number or Email address!
Click on the BACK button on your browser to return to the form";
}
else
{
echo "Successfully transmitted";
rest of message:
Can someone tell me how to change the code so it's now correct. I'm obviously furious if this is the reason for losing business, I operate 4 websites with Freeola and will write to them regarding this matter!
Can someone tell me how to change the code so it's now correct. I'm obviously furious if this is the reason for losing business, I operate 4 websites with Freeola and will write to them regarding this matter!
I think I found a thread which helps:
http://ukchatforums.reserve.co.uk/display_messages. php?threadid=103196&forumid=206
remove spaces before php?
Thanks to Nimco "Hercules" for the following:
If you're feeling lazy (this way isn't as secure) then this method allows you to very easily modify an entire script to work with register_globals set to off. Just copy and paste at the top of each page:
// Apply to other arrays simply by replacing the first argument of the 'foreach()' function with the array name.
foreach($_GET as $a=>$b){$$a=$b;} // $_GET
foreach($_POST as $a=>$b){$$a=$b;} // $_POST
?>
http://ukchatforums.reserve.co.uk/display_messages. php?threadid=103196&forumid=206
remove spaces before php?
Thanks to Nimco "Hercules" for the following:
If you're feeling lazy (this way isn't as secure) then this method allows you to very easily modify an entire script to work with register_globals set to off. Just copy and paste at the top of each page:
// Apply to other arrays simply by replacing the first argument of the 'foreach()' function with the array name.
foreach($_GET as $a=>$b){$$a=$b;} // $_GET
foreach($_POST as $a=>$b){$$a=$b;} // $_POST
?>
I can't figure this out, what do I change here:
################# CHECKING IP ADRESS ###########
echo "";
?>
################# CHECKING IP ADRESS ###########
echo "";
?>
Try changing the double-quotes around HTTP_HOST to single quotes.
For the record, I have no sympathy with you if you've lost business because you don't have a clue how to write PHP.
For the record, I have no sympathy with you if you've lost business because you don't have a clue how to write PHP.
These changes have been put in place for security reasons, as many people know we had huge problems around two months ago in which two of our servers had malicious scripts executed.
I will point out almost no web host will have Register Globals on because of the large security risk it brings.
Also you may want to look at the following [URL]http://uk2.php.net/manual/en/function.import-request-variables.php[/URL] as it is another alternative to coding the way stated on our help pages.
I will point out almost no web host will have Register Globals on because of the large security risk it brings.
Also you may want to look at the following [URL]http://uk2.php.net/manual/en/function.import-request-variables.php[/URL] as it is another alternative to coding the way stated on our help pages.
I'm all for this. I run a web host and we have register_globals off. It just leads to better script writing.
Turbonutter wrote:
> Try changing the double-quotes around HTTP_HOST to single quotes.
>
> For the record, I have no sympathy with you if you've lost business
> because you don't have a clue how to write PHP.
Harsh, man, harsh. Everyone has to learn somewhere.
> Try changing the double-quotes around HTTP_HOST to single quotes.
>
> For the record, I have no sympathy with you if you've lost business
> because you don't have a clue how to write PHP.
Harsh, man, harsh. Everyone has to learn somewhere.
Turbonutter wrote:
> Try changing the double-quotes around HTTP_HOST to single quotes.
>
> For the record, I have no sympathy with you if you've lost business
> because you don't have a clue how to write PHP.
Thanks for the replies. Turbonutter I don't see the relationship between losing potentially thousands of pounds of business due to not knowing the security changes made at Freeola and not being an expert in PHP.
I was just trying to follow instructions given on the Freeola website i.e.
If the variable you are trying to access is a server environment variable:
$my_variable_name=$_SERVER["HTTP_HOST"];
monkey_man yeah harsh your correct!
> Try changing the double-quotes around HTTP_HOST to single quotes.
>
> For the record, I have no sympathy with you if you've lost business
> because you don't have a clue how to write PHP.
Thanks for the replies. Turbonutter I don't see the relationship between losing potentially thousands of pounds of business due to not knowing the security changes made at Freeola and not being an expert in PHP.
I was just trying to follow instructions given on the Freeola website i.e.
If the variable you are trying to access is a server environment variable:
$my_variable_name=$_SERVER["HTTP_HOST"];
monkey_man yeah harsh your correct!
Maybe learning with a multi-thousand pund business is a bit of a silly place to start then? You can't deny that your ignored a basic PHP groundrule, never rely on register_globals. You'll find that most PHP developers use superglobals to initialise form variables whether register_globals is on or off. This was YOUR mistake, not Freeola's.
Page: