php form submitting empty variables
Hi,
I have this code to submit a login form:
```php
<?php if(!isset($aid)){ ?>
you must login:<br>
<form name="form1" method="post" action="<?=$PHP_SELF?>">
  <input type="text" name="aid"><br>
  <input type="password" name="apass"><br>
  <input type="submit" name="submit" value=" Login "><br>
</form>
<?php } else{ ?>
welcome etc...
<?php } ?>
```
This code was working fine until something changed on the host server. I think register_globals was changed from on to off, and after that $aid is always empty unless I specifically call it as $_POST['aid'].
My question is: is my code above considered good code, or should I use $_POST and assign the value to the $aid variable instead of just using $aid directly? I ask because I have many pages that I would have to change this in.
I hope my question is clear... and thank you for your time.
You must refer to the user inputs as $_POST[aid] and $_POST[apass]. DO NOT refer to them as $aid and $apass (don't even save them as variables if possible). There are many situations where this will come back to bite you in the rear if you do. I will mention the most detrimental one, which is called SQL injection. Let's assume that you are saving user data in a SQL database and your form page is called rori.com. What do you think might happen if I typed something like rori.com?aid=drop+database in the address bar? Your code might pass $aid to the database, where it will get executed. You should run some checks on $_POST[aid] and put it into something that does not resemble the variable name $aid, then insert it in the database. Just Google SQL injection if you want a more elaborate explanation.
PS. You should thank whoever turned off global_register on the server so you can't refer to $_POST[aid] as $aid anymore. Then yell at him for ever having it turned on.
Last edited by Rayhan Muktader; May 8th, 2008 at 4:06 pm.
I don't reply to private messages.
If the register globals are set to off then you are going to have to use $_POST.
```php
<?php if(!isset($_POST['aid'])){ ?>
you must login:<br>
<!-- The action value must be echoed, and escaped because PHP_SELF reflects the requested URL -->
<form name="form1" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
  <input type="text" name="aid"><br>
  <input type="password" name="apass"><br>
  <input type="submit" name="submit" value=" Login "><br>
</form>
<?php } else{ ?>
welcome etc...
<?php } ?>
```
Last edited by mom_of_3; May 8th, 2008 at 4:09 pm.
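The advice in the replies above (read the fields from $_POST explicitly, check them, and keep them out of the SQL text) can be put together as follows. This is an added example, not code from any poster in this thread; the `admins` table, its columns, the `check_login` function and the sample requests are assumptions constructed for illustration, and it needs the pdo_sqlite extension.

```php
<?php
// Added example: table, column and function names are assumptions.
// Constructed in-memory user store so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (aid TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO admins (aid, pass_hash) VALUES (?, ?)')
   ->execute(['rori', password_hash('constructed-password', PASSWORD_DEFAULT)]);

/**
 * Check a login using only the POST body. Returns the user id or null.
 */
function check_login(PDO $db, array $post): ?string
{
    // Read the fields explicitly; never rely on auto-created $aid / $apass.
    $aid   = $post['aid']   ?? null;
    $apass = $post['apass'] ?? null;
    if (!is_string($aid) || !is_string($apass)) {
        return null;   // missing field, or an array such as aid[]=x
    }
    // Allow-list check on the identifier before it goes anywhere.
    if (!preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $aid)) {
        return null;
    }
    // Bound parameter: the value travels as data, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT pass_hash FROM admins WHERE aid = :aid');
    $stmt->execute([':aid' => $aid]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($apass, $hash)) {
        return null;
    }
    return $aid;
}

// Constructed requests standing in for $_POST.
$cases = [
    'valid login'             => ['aid' => 'rori', 'apass' => 'constructed-password'],
    'wrong password'          => ['aid' => 'rori', 'apass' => 'nope'],
    'SQL text in aid'         => ['aid' => "rori' OR '1'='1", 'apass' => 'x'],
    'array instead of string' => ['aid' => ['rori'], 'apass' => 'x'],
    'field missing'           => ['apass' => 'x'],
];
foreach ($cases as $label => $post) {
    $user = check_login($db, $post);
    echo str_pad($label, 26), $user === null ? 'rejected' : "welcome $user", PHP_EOL;
}
```

In a real page the call would be `check_login($db, $_POST)`; only the first constructed request is accepted.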