DaniWeb IT Discussion Community


rori May 8th, 2008 1:04 pm
php form submitting empty variables
 
hi,
i have this code to submit a login form:
<?php
if(!isset($aid)){
?>
you must login:<br>
<form name="form1" method="post" action="<?=$PHP_SELF?>">
  <input type="text" name="aid"><br>
  <input type="password" name="apass"><br>
  <input type="submit" name="submit" value=" Login "><br>
</form>
<?php
}
else{
?>
welcome etc...
<?php
}
?>
this code was working fine until something changed on the host server and i think it was register_globals changed from on to off and after that $aid is always empty except if i specifically call it as $_POST['aid'].
my question is: is my code above considered a good code, or should i use the $_POST and assign the value to the $aid variable instead of just using $aid directly? because i have many pages that i have to change this in.
i hope my question is clear... and thank you for your time.

Rayhan Muktader May 8th, 2008 4:01 pm
Re: php form submitting empty variables
 
You must refer to the user inputs as $_POST[aid] and $_POST[apass]. DO NOT refer to them as $aid and $apass (don't even save them as variables if possible). There are many situations where this will come back to bite you in the rear if you do. I will mention the most detrimental one, which is called SQL injection. Let's assume that you are saving user data in a SQL database and your form page is called rori.com. What do you think might happen if I typed in something like rori.com?aid=drop+database in the address bar? Your code might pass $aid to the database, where it will get executed. You should run some checks on $_POST[aid] and put it into something that does not resemble the variable name $aid, then insert it in the database. Just google SQL injection if you want a more elaborate explanation.
PS. You should thank whoever turned off global_register on the server so you can't refer to $_POST[aid] as $aid anymore. Then yell at him for ever having it turned on.
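
Added example, not part of the original thread or any poster's code: it contrasts a variable filled in implicitly from the request, as register_globals did, with reading aid explicitly from the POST body, checking it, and binding it in a prepared statement. The function names, the users table, the account-id format and the sample requests are assumptions made for illustration; it uses PDO with an in-memory SQLite database.

```php
<?php
// Added example; the request arrays and the users table are constructed sample data.
// register_globals was removed in PHP 5.4, so extract() stands in for what it did.

// Emulates register_globals=On: every request parameter becomes a plain variable.
function aid_with_register_globals(array $get, array $post): ?string {
    extract($get);   // ?aid=... typed into the address bar lands in $aid
    extract($post);  // with the default variables_order, POST then overwrites GET
    return isset($aid) ? (string) $aid : null;
}

// register_globals=Off style: aid is accepted only from the POST body, then checked.
function aid_from_post(array $post): ?string {
    if (!isset($post['aid']) || !is_string($post['aid'])) {
        return null;
    }
    $aid = trim($post['aid']);
    // Assumed account-id format: 3 to 32 letters, digits or underscores.
    return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $aid) === 1 ? $aid : null;
}

// The value is bound as a parameter, never concatenated into the SQL text.
function find_user(PDO $db, string $aid): bool {
    $stmt = $db->prepare('SELECT 1 FROM users WHERE aid = ?');
    $stmt->execute([$aid]);
    return $stmt->fetchColumn() !== false;
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (aid TEXT PRIMARY KEY)');
$db->exec("INSERT INTO users (aid) VALUES ('rori')");

$requests = [ // label => [GET parameters, POST fields]
    'aid only in the URL'     => [['aid' => 'anything'], []],
    'login form posted'       => [[], ['aid' => 'rori']],
    'post with a stray quote' => [[], ['aid' => "rori'--"]],
];

foreach ($requests as $label => [$get, $post]) {
    $implicit = aid_with_register_globals($get, $post);
    $explicit = aid_from_post($post);
    printf(
        "%-24s implicit \$aid=%-10s explicit aid=%-6s known user=%s\n",
        $label,
        var_export($implicit, true),
        var_export($explicit, true),
        $explicit !== null && find_user($db, $explicit) ? 'yes' : 'no'
    );
}
```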

mom_of_3 May 8th, 2008 4:09 pm
Re: php form submitting empty variables
 
If the register globals are set to off then you are going to have to use $_POST.

<?php
if(!isset($_POST['aid'])){
?>
you must login:<br>
<form name="form1" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
  <input type="text" name="aid"><br>
  <input type="password" name="apass"><br>
  <input type="submit" name="submit" value=" Login "><br>
</form>
<?php
}
else{
?>
welcome etc...
<?php
}
?>

Will Gresham May 8th, 2008 4:21 pm
Re: php form submitting empty variables
 
Quote:

Originally Posted by mom_of_3 (Post 602933)
If the register globals are set to off then you are going to have to use $_POST.

If register globals is on, turn it off. This is possibly the worst function ever; it encourages slack programming and security problems.

rori May 18th, 2008 11:59 am
Re: php form submitting empty variables
 
thanks everyone.
special thanks to Rayhan Muktader for the clear explanation.


All times are GMT -4.