Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 12
I've been reading up on PHP/MySQL, and all of the tutorials have this syntax for submitting a form: (this version uses two files, datain.html and datain.php. permissions are wide open ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined! adamdaughterson's Avatar
    Join Date
    Mar 2003
    Location
    Denver, Colorado, USA
    Posts
    78

    Form POST Different for PHP3 and PHP4?


    I've been reading up on PHP/MySQL, and all of the tutorials have this syntax for submitting a form:

    (this version uses two files, datain.html and datain.php. permissions are wide open on both files, and the database is wide open as well)

    <HTML>
    <BODY>
    <form method="post" action="datain.php">
    First name:<input type="Text" name="first">

    Last name:<input type="Text" name="last">

    Nick Name:<input type="Text" name="nickname">

    E-mail:<input type="Text" name="email">

    Salary:<input type="Text" name="salary">

    <input type="Submit" name="submit" value="Enter information">
    </form>
    </BODY>
    </HTML>

    (then the php)

    <HTML>
    <?php
    $db = mysql_connect("localhost", "root","");
    mysql_select_db("learndb",$db);
    $sql = "INSERT INTO personnel (firstname, lastname, nick, email, salary) VALUES ('$first','$last','$nickname','$email','$salary')" ;
    $result = mysql_query($sql);
    echo "Thank you! Information entered.\n";
    ?>
    </HTML>

    So this all seems OK, except that the form is not posting anything! I even created a test to just echo the value contained in one of the text boxes like so:

    (the html)

    <html>
    <body>
    <form method="POST" action="postest.php">
    Test Variable<input type="text" name="testvar>

    <input type="Submit" name="submit" value="Enter information">
    </body>
    </html>

    (the php)
    <html>
    <body>
    <?php
    echo "$testvar";
    ?>
    </body>
    </html>

    ... and nothing is displayed in the new page. Shouldn't the value contained in the variable $testvar be displayed? Is this some difference between PHP3 and PHP4?

    Adam

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    To be honest, I don't think that works with any version of PHP. To access POST values, you will need to use the $HTTP_POST_VARS array. There is some new stuff in PHP4, but why use a non-portable solution when it's so easy anyway?
    Just use this:
    Code:
    <html>
    <body>
    <?php
    print&#40;$HTTP_POST_VARS&#91;"testvar"&#93; . "\n"&#41;;
    ?>
    </body>
    </html>

  3. #3
    Just Joined! adamdaughterson's Avatar
    Join Date
    Mar 2003
    Location
    Denver, Colorado, USA
    Posts
    78

    Hmmm...

    That works...
    I wonder what these tutorials are all about then. My original post has exact-cut-n-paste-verbatim code from an IBM tutorial. The other one was from a webmonkey tutorial. I can only assume that the tutorial's were for much older versions of PHP.
    Thank you kindly,
    Adam

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Engineer
    Join Date
    Apr 2003
    Location
    Sweden
    Posts
    796
    Strange...im runnig PHP 4.1.2 and this is how i catch get and post forms, which works fine.

    Showing on your code..

    Code:
    <HTML> 
    <BODY> 
    <form method="post" action="datain.php"> 
    
    First name&#58;<input type="Text" name="first">
     
    Last name&#58;<input type="Text" name="last">
     
    Nick Name&#58;<input type="Text" name="nickname">
     
    E-mail&#58;<input type="Text" name="email">
     
    Salary&#58;<input type="Text" name="salary">
     
    <input type="Submit" name="submit" value="Enter information"> 
    
    </form> 
    </BODY> 
    </HTML>
    This is how my datain.php should look like this...for example.

    Code:
    <?php
    session_start&#40;&#41;;
    ob_start&#40;&#41;;
    
    if&#40;empty&#40;$_POST&#91;first&#93;&#41;&#41;&#123;
            $FIRST= "No_firstname_specified";
            session_register&#40;"$FIRST"&#41;;
    &#125;else&#123;
            $FIRST= $_POST&#91;first&#93;;
            session_register&#40;"$first"&#41;;
    &#125;
    
    print "You specified firstname $FIRST";
    
    ob_end_flush&#40;&#41;;
    ?>
    Regards

    Andutt

  6. #5
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Using _POST is the new PHP4 way, using superglobals. I don't really like using it, since it isn't backwards compatible, but I guess that it's not really a big thing.

  7. #6
    Linux Engineer
    Join Date
    Apr 2003
    Location
    Sweden
    Posts
    796
    oki doki...
    Regards

    Andutt

  8. #7
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    if your totally nut's, or have good reason to, you can edit your php.ini to turn the globals back on, so the example the original poster was talking about would work.

    Jason

  9. #8
    Linux User
    Join Date
    Jan 2003
    Location
    Cardiff, Wales
    Posts
    478

    shorthand

    I use the shorthand variable names for for objects

    $myTextbox

    I learnt PHP from an article on the MYSQL site which was written for PHP 3 it used this method. When i upgraded to 4 I just altered the php.ini to allow me to continue using this quick an easy method.

    Why is it a problem?
    No trees were harmed during the creation of this message. Its made from a blend of elephant tusk and dolphin meat.

  10. #9
    Linux Engineer Giro's Avatar
    Join Date
    Jul 2003
    Location
    England
    Posts
    1,219
    This is a big problem and very insecure say you have a varible named $tester in your script if you type http://urlhere/file.php?tester=my_new_var this would set $tester to my_new_var . The whole point of super globals is to seperate the POST/GET vars. Ill leave it to you to imagine what you could do with this

  11. #10
    Linux User
    Join Date
    Jan 2003
    Location
    Cardiff, Wales
    Posts
    478

    what difference

    if I have a form that sends data by post to a form. then someone who wants to break it can just make their own page with the same stuff in and point it at my processing page.

    But I think you are also making a different point. You are saying if i have a script which uses a variable called $myName that is not passed in by form data or url parameter. then someone can open my page with url?$myName="Kris" and that will potentially bugger up my code.

    In all honesty I can't see any of this being a problem for me. All vars other than those passed in are initialised before use. and all data submitted is validated before use.
    No trees were harmed during the creation of this message. Its made from a blend of elephant tusk and dolphin meat.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •