Forum

/ Home \ \ Subjects /



Subject: PHP 5.2.8 doesn't work

18/12/2008 08:24 suncheez:
Win XP, PHP was installed with standard win32 installer to c:\progra~1\php. Php.exe pointed correctly in shttps settings.

Standard phpinfo(); request shows something unreadable:
"System => Windows NT WINDOWSXPENG 5.1 build 2600 Build Date => Dec 8 2008 19:30:48 Configure Command => cscript /nologo configure.js "--enable-snapshot-build" "--enable-debug-pack" "--with-snapshot-template=d:\php-sdk\snap_5_2\vc6\x86\template" "--with-php-build=d:\php-sdk\snap_5_2\vc6\x86\php_build" "--with-pdo-oci=D:\php-sdk\oracle\instantclient10\sdk,shared" "--with-oci8=D:\php-sdk\oracle\instantclient10\sdk,shared" Server API => Command Line Interface Virtual Directory Support => enabled..." and so on.

What I did wrong or missed?
18/12/2008 09:18 suncheez:
sorry, I've solved it. Install PHP with exe module and put cgi.force_redirect = 0 in its .ini
18/12/2008 12:30 Max:
Usualy next steps need to setup PHP:

1) Download php4.x.x.zip or php5.x.x.zip -- full package
2) Extract this to a directory. E.g. to C:\PHP
3) The package does not content php.ini -- your own configuration file.
Instead it package included two files php.ini-dist and php.ini-recomendet.
Take one of this file and rename it to php.ini
Both files is wrong, the program will not correct working until you do
not change your php.ini

Usualy next vars request changes:

display_startup_errors = On
arg_separator.input = "&"
variables_order = "GPECS"
register_globals = On
magic_quotes_runtime = On
enable_dl = On
cgi.force_redirect = 0
force_redirect = 0
The line ;pfpro.defaultport = 443 must be comented


21/03/2009 00:43 AnrDaemon:
register_globals = Off
magic_quotes_runtime = Off

If you have it otherwise... well, it's your system. Don't cry when you loose it.
28/03/2009 12:27 Max:
register_globals mean that all request variables will be available as local variables.

E.g. If request "?a=123&b=345" -- With register_globals=on the vars $a and $b will be defined. Without this option you may get it with $_GET['a'] and $_GET['b'] only. Some scripts will not work without this option.

magic_quotes_runtime it just control for quotes for external variables. It is not important, not dangerous, but required for some scripts.


15/04/2009 02:57 AnrDaemon:
Well, let me explain.

register_globals=On - major security flaw.
Here's a very simple roundtrip (usually, they aren't that clear to trace, which makes things worse):
Imagine page, in which you rely on a cookie "admin=1" to provide administrative functionality for visitor.
Then anyone who would call your page with ?admin=1 will become an admin. Sure you want that to happen?

magic_quotes_runtime=On - just plain idiocy.
what it does is that it altering(!) your input data by inserting backslashes in front of certain symbols. Thus require more processing time for every page (First it adding slashes and then you use stripslashes() to remove them)

Both options are deprecated since PHP 5.3 and will be removed in PHP 6.0.
Sources:
ru.php.net/manual/en/info.configuration.php#ini.magic-quotes-runtime
ru.php.net/manual/en/ini.core.php#ini.register-globals

User: Password: New user:   Save password: