PHP and the way it handles scripts

I am cofused in the way different servers handle code.

on some servers you can parse form information like

<?php echo $form_field; ?>

Yet on others this will not work, you have to use the following

<?php echo $_POST['form_field']; ?>

And when parsing info from a link on some its as easy as

<?php echo $handle_this; ?>

but on some you have to do this

<?php echo $_REQUEST['handle_this']; ?>

Even a simple include or require

on some servers you can do this

<?php include('somefile.php');?>

Yet on others you have to put the full path or root path

<?php include('http://www.yourdomain.com/somefile.php'); ?>

or

<?php include('your/root/folder/to/www/server/somefile.php'); ?>

Can anyone shed any light on so many differances in supposedly one server language

The diference between

<?php echo $form_field; ?>

and

<?php echo $_POST['form_field']; ?>

Is that the first one (essentially) would require register_globals be set to ON, which by default (on current versions) is set to OFF. This means you would be required to use the SECOND method above. Alternateively you can “Initialize” you variables (like those used in your first method) using the “Super Globals” (as in the second method) which would leave you with something like

<?php 
$form_field = $_POST['form_field'];
echo $form_field; 
?>

And a “Better” Way would be to do some “Checking” first AND provide a default value where needed.

i.e.

<?php 

$form_field = !empty($_POST['form_field']) ? $_POST['form_field'] : "" ; 
echo $form_field; 

?>

Same thing goes with the “REQUEST” method as well.

The INCLUDE portion should be a matter of where the file resides.

<?php include('somefile.php');?>

The above uses a “Relative” path, meaning that somefile.php MUST reside in the same folder that it’s being called from. It’s “RELATIVE” to where it’s being called. Likewise

<?php include('subfolder/somefile.php');?>

must reside in a folder called “subfolder” in the folder that it’s being called from. If not You get an error.

Sometimes you might have files that can be called from multiple locations in your website and you want to know EXACTLY where it’s from. So you use an ABSOLUTE path

<?php include('/your/root/folder/to/www/server/somefile.php'); ?>

This is from the ROOT of the server. Generally it’s the Operating Systems root and NOT the DOCUMENT root of your webserver.

Lastly , I am not sure if your example of

<?php include('http://www.yourdomain.com/somefile.php'); ?>

would work well at all (if it would even work) as I have never tried it. I suppose it might if you only had PLAIN Text, however pulling a PHP file directly from a webserver, means that all the PHP would be parsed, so if you are passing things that might be PHP code that you expect to be included, it won’t work.

Have a look at http://us2.php.net/register_globals for more info on REGISTER_GLOBALS

Thanks for your reply

I now understand about register globals but as for including files I have come across a php server where even though the file was in the same directory you had to put in the full path http:// and all. Any idea why

It’s another setting in php.ini. Basically for security. It’s good practice to use absolute URLs instead of relative URLs in your code to prevent forms of hacking.

Right, thanks peg

came up with a bit of a solution for the register_globals though

function clean_input($string)
{
	if(function_exists('mysql_real_escape_string'))
	{
		if(get_magic_quotes_gpc())
		{
			$string = stripslashes($string);
		}
		$string =  mysql_real_escape_string($string);
	}
	elseif(function_exists('mysql_escape_string'))
		{
			if(get_magic_quotes_gpc())
			{
				$string = stripslashes($string);
			}
			$string =  mysql_escape_string($string); 
		}
		else
		{
			$string = addslashes($string);
		}

	return $string;
}

foreach($_POST as $string=>$value) {
$$string = clean_input($value);
}

Keep in mind that your clean_input() function cleans input ONLY for use in MySQL queries. It does NOT, for example, clean XSS attempts or other forms of hacking.