 |  |  |  |  |  |  |  |
php form submitting empty variables
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
Thread Solved |
hi,
i have this code to submit a login form:
this code was working fine until something changed on the host server and i think it was register_globals changed from on to off and after that $aid is always empty except if i specifically call it as $_POST['aid'].
my question is: is my code above considered a good code, or should i use the $_POST and assign the value to the $aid variable instead of just using $aid directly? because i have many pages that i have to change this in.
i hope my question is clear... and thank you for your time.
i have this code to submit a login form:
PHP Syntax (Toggle Plain Text)
my question is: is my code above considered a good code, or should i use the $_POST and assign the value to the $aid variable instead of just using $aid directly? because i have many pages that i have to change this in.
i hope my question is clear... and thank you for your time.
•
•
Join Date: Oct 2006
Posts: 30
Reputation: 
Solved Threads: 3
Light Poster
You must refer to the user inputs as $_POST[aid] and $_POST[apass]. DO NOT refer to them as $aid and $apass (don't even save them as variables if possible). There are many situation where this will come back to bite you in the rear if you do. I will mention the most detrimental one which is called called sql injection. Lets assume that you are saving user data in a sql database and your form page is called rori.com. What do you think you might happen if I typed in something like rori.com?aid=drop+database in the address bar? Your code might pass $aid to the database where it will get executed. You should run some checks on $_POST[aid] and put it into something that does not resemble the variable name $aid then insert it in the database. Just google sql injection if you want a more elaborate explanation.
PS. You should thank whomever turned off global_register on the server so you can't refer to $_POST[aid] as $aid anymore. Then yell at him for ever having it turned on.
PS. You should thank whomever turned off global_register on the server so you can't refer to $_POST[aid] as $aid anymore. Then yell at him for ever having it turned on.
Last edited by Rayhan Muktader; May 8th, 2008 at 4:06 pm.
I don't reply to private messages.
If the register globals are set to off then you are going to have to use $_POST.
PHP Syntax (Toggle Plain Text)
Last edited by mom_of_3; May 8th, 2008 at 4:09 pm.
 |
Other Threads in the PHP Forum
- Previous Thread: Sort Problem
- Next Thread: resizable text section with a background with 4 curvy corners
| Thread Tools | Search this Thread |
Latest PHP Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for PHP
.htaccess access ajax apache api array beginner binary broken cakephp checkbox class cms code codingproblem cron curl database date directory display download dynamic echo email error file files folder form forms function functions google href htaccess html image include insert integration ip java javascript joomla limit link login loop mail memmory menu methods mlm mod_rewrite multiple mysql oop parse paypal pdf php problem query radio random recursion regex remote script search select send server sessions sms snippet soap source space speed sql static structure syntax system table tutorial up-to-date update upload url validation validator variable video web wordpress xml youtube
