Form Post Doesn't Work

Re: Form Post Doesn't Work

Google Mike wrote:[color=blue]
><?php
> echo "You entered your username as $username.";
> ?>[/color]

Try
<?php
echo "You entered your username as ${_POST[username]}";
?>

and check out



--
I have a spam filter working.
To mail me include "urkxvq" (with or without the quotes)
in the subject line, or your mail will be ruthlessly discarded.

Re: Form Post Doesn't Work

googlemike@hotp op.com (Google Mike) schrieb:
[color=blue]
> ## INDEX.PHP ##
> <html><head></head><body>
> <form action="process .php" method="post">
> <input type="text" name="username" >
> <input type="submit" value="Test">
> </form>
> </body></html>
>
> ## PROCESS.PHP ##
> <?php
> echo "You entered your username as $username.";
> ?>
>
> The result I get is:
>
> You entered your username as.
>
> What's the catch?[/color]

This should work:

## PROCESS.PHP ##
<?php
echo "You entered your username as $_POST['username'].";
?>

Your code will work, if register_global s is activated. By default it is
deactivated and activating it might lead to severe security leaks.
See http://www.php.net/manual/en/securit...terglobals.php for
details.

Have a look at the PHP Superglobals in the documentation at
http://www.php.net/manual/en/languag...predefined.php to see
how it should be done.

Regards,
Matthias

Re: Form Post Doesn't Work

Matthias Esken <muelleimer2003 nospam@usenetve rwaltung.org> wrote in message[color=blue]
> Your code will work, if register_global s is activated. By default it is
> deactivated and activating it might lead to severe security leaks.
> See http://www.php.net/manual/en/securit...terglobals.php for
> details.
>
> Have a look at the PHP Superglobals in the documentation at
> http://www.php.net/manual/en/languag...predefined.php to see
> how it should be done.[/color]

To Matthias and Pedro. I really appreciate your quick reply, but I was
shocked to see this answer from the contributors of PHP that you so
kindly relayed to me. This is certainly distressing, don't you think?
I mean, now we have to use this convoluted method with the _ vars to
get stuff, particularly _POST. Usually from what I have read about C,
when something begins with _, it's usually meant that you weren't
supposed to call it.

Here's my spin. Perhaps the PHP team found out about the security
problem, and this put PHP in a dangerous situation, so they decided to
use the fallback with the underscore var technique as an emergency.

Do you see how countless developers will begin writing stuff for this
rev. of PHP, using the _POST technique, and it certainly could be
deprecated in the near future, putting all those projects at risk of a
rewrite?

My commentary to the PHP team is to remedy the situation rapidly. It's
not a big thing that they should do. I believe they should write
another routine that abstracts the _POST routine with a non-underscore
var, such as, dare I say, 'Request("usern ame")', and that way they can
change the underscore vars on a whim without breaking anyone's code.

Either that, or permit PHP developers to use C-like macros so that we
can rename _POST with Request.

But, saying this, please understand I'm a newbie to PHP. My skills are
in C, VB, ASP, JSP and have recently been impressed with some of the
features of PHP. My commentary is not a seasoned one and I welcome
your opinions to educate me on why things are the way they are.

Re: Form Post Doesn't Work


On 7-Oct-2003, googlemike@hotp op.com (Google Mike) wrote:
[color=blue]
> Matthias Esken <muelleimer2003 nospam@usenetve rwaltung.org> wrote in
> message[color=green]
> > Your code will work, if register_global s is activated. By default it is
> > deactivated and activating it might lead to severe security leaks.
> > See http://www.php.net/manual/en/securit...terglobals.php for
> > details.
> >
> > Have a look at the PHP Superglobals in the documentation at
> > http://www.php.net/manual/en/languag...predefined.php to see
> > how it should be done.[/color]
>
> To Matthias and Pedro. I really appreciate your quick reply, but I was
> shocked to see this answer from the contributors of PHP that you so
> kindly relayed to me. This is certainly distressing, don't you think?
> I mean, now we have to use this convoluted method with the _ vars to
> get stuff, particularly _POST. Usually from what I have read about C,
> when something begins with _, it's usually meant that you weren't
> supposed to call it.
>
> Here's my spin. Perhaps the PHP team found out about the security
> problem, and this put PHP in a dangerous situation, so they decided to
> use the fallback with the underscore var technique as an emergency.
>
> Do you see how countless developers will begin writing stuff for this
> rev. of PHP, using the _POST technique, and it certainly could be
> deprecated in the near future, putting all those projects at risk of a
> rewrite?
>
> My commentary to the PHP team is to remedy the situation rapidly. It's
> not a big thing that they should do. I believe they should write
> another routine that abstracts the _POST routine with a non-underscore
> var, such as, dare I say, 'Request("usern ame")', and that way they can
> change the underscore vars on a whim without breaking anyone's code.
>
> Either that, or permit PHP developers to use C-like macros so that we
> can rename _POST with Request.
>
> But, saying this, please understand I'm a newbie to PHP. My skills are
> in C, VB, ASP, JSP and have recently been impressed with some of the
> features of PHP. My commentary is not a seasoned one and I welcome
> your opinions to educate me on why things are the way they are.[/color]

I think you misunderstand the leading underscore even in the context of C,
etc. The leading underscore on variable and function names is to separate
the global namespace of the system/compiler/language from the application.
Had C been created with this in mind, most of the stdlib functions would
start with _. There's nothing convoluted or weird about accessing a 'system'
variable like $_POST, it's functionally no different than if it was called
$post, it just avoids breaking any existing application that used $post as a
variable. It's unlikely that $_POST will be changed or depreciated anytime
soon, certainly not on a whim.

The security problem you refer to was not a flaw in PHP as much as a
potential risk if good coding practices weren't followed. To encourage good
coding, register_global s was defaulted to off and the superglobals like
$_POST were created to make good programming easier.

Abstracting $_POST to something else will add to the confusion, create
potential namespace problems and solve nothing. If you want to abstract it
for yourself, I suggest you create an include file that does so.

--
Tom Thackrey

tom (at) creative (dash) light (dot) com
do NOT send email to jamesbutler@wil lglen.net (it's reserved for spammers)

Re: Form Post Doesn't Work

Thanks, Tom, for clearing that up. I had some misconceptions. I have
abstracted $_POST now as Request() and it's working great.