php form submitting empty variables

•

What is DaniWeb IT Discussion Community?

You're currently browsing the PHP section within the Web Development category of DaniWeb, a massive community of 361,551 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,077 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.

Join our community!

Please support our PHP advertiser: Lunarpages PHP Web Hosting

Thread Tools Display Modes

Views: 368 | Replies: 4 | Solved

•

Join Date: Dec 2006

Location: Damascus

Posts: 5

Reputation: rori is an unknown quantity at this point

Rep Power: 0

Solved Threads: 0

rori

Offline

Newbie Poster

php form submitting empty variables

May 8th, 2008

hi,
i have this code to submit a login form:

Help with Code Tags

(Toggle Plain Text)

<?php
if(!isset($aid)){
?>
you must login:<br>
<form name="form1" method="post" action="<?=$PHP_SELF?>">
  <input type="text" name="aid"><br>
  <input type="password" name="apass><br>
  <input type="submit" name="submit" value=" Login "><br>
</form>
<?php
}
else{
?>
welcome etc...
<?php
}
?>

this code was working fine until something changed on the host server and i think it was register_globals changed from on to off and after that $aid is always empty except if i specifically call it as $_POST['aid'].
my question is: is my code above considered a good code, or should i use the $_POST and assign the value to the $aid variable instead of just using $aid directly? because i have many pages that i have to change this in.
i hope my question is clear... and thank you for your time.

•

Join Date: Oct 2006

Posts: 26

Reputation: Rayhan Muktader is an unknown quantity at this point

Rep Power: 2

Solved Threads: 2

Rayhan Muktader Rayhan Muktader is offline

Offline

Light Poster

Re: php form submitting empty variables

May 8th, 2008

You must refer to the user inputs as $_POST[aid] and $_POST[apass]. DO NOT refer to them as $aid and $apass (don't even save them as variables if possible). There are many situation where this will come back to bite you in the rear if you do. I will mention the most detrimental one which is called called sql injection. Lets assume that you are saving user data in a sql database and your form page is called rori.com. What do you think you might happen if I typed in something like rori.com?aid=drop+database in the address bar? Your code might pass $aid to the database where it will get executed. You should run some checks on $_POST[aid] and put it into something that does not resemble the variable name $aid then insert it in the database. Just google sql injection if you want a more elaborate explanation.
PS. You should thank whomever turned off global_register on the server so you can't refer to $_POST[aid] as $aid anymore. Then yell at him for ever having it turned on.

Last edited by Rayhan Muktader : May 8th, 2008 at 3:06 pm.

I don't reply to private messages.

•

Join Date: Feb 2008

Location: Ottawa, Ontario

Posts: 15

Reputation: mom_of_3 is an unknown quantity at this point

Rep Power: 1

Solved Threads: 3

mom_of_3

Offline

Newbie Poster

Re: php form submitting empty variables

May 8th, 2008

If the register globals are set to off then you are going to have to use $_POST.

Help with Code Tags

(Toggle Plain Text)

<?php
if(!isset($_POST['aid'])){
?>
you must login:<br>
<form name="form1" method="post" action="<? $_SERVER['PHP_SELF']; ?>">
  <input type="text" name="aid"><br>
  <input type="password" name="apass><br>
  <input type="submit" name="submit" value=" Login "><br>
</form>
<?php
}
else{
?>
welcome etc...
<?php
}
?>

Last edited by mom_of_3 : May 8th, 2008 at 3:09 pm.