php form submitting empty variables

Thread Solved

Join Date: Dec 2006
Posts: 14
Reputation: rori is an unknown quantity at this point 
Solved Threads: 0
rori's Avatar
rori rori is offline Offline
Newbie Poster

php form submitting empty variables

 
0
  #1
May 8th, 2008
hi,
i have this code to submit a login form:
  1. <?php
  2. if(!isset($aid)){
  3. ?>
  4. you must login:<br>
  5. <form name="form1" method="post" action="<?=$PHP_SELF?>">
  6. <input type="text" name="aid"><br>
  7. <input type="password" name="apass><br>
  8. <input type="submit" name="submit" value=" Login "><br>
  9. </form>
  10. <?php
  11. }
  12. else{
  13. ?>
  14. welcome etc...
  15. <?php
  16. }
  17. ?>
  18.  
this code was working fine until something changed on the host server and i think it was register_globals changed from on to off and after that $aid is always empty except if i specifically call it as $_POST['aid'].
my question is: is my code above considered a good code, or should i use the $_POST and assign the value to the $aid variable instead of just using $aid directly? because i have many pages that i have to change this in.
i hope my question is clear... and thank you for your time.
Reply With Quote Quick reply to this message  
Join Date: Oct 2006
Posts: 30
Reputation: Rayhan Muktader is an unknown quantity at this point 
Solved Threads: 3
Rayhan Muktader Rayhan Muktader is offline Offline
Light Poster

Re: php form submitting empty variables

 
0
  #2
May 8th, 2008
You must refer to the user inputs as $_POST[aid] and $_POST[apass]. DO NOT refer to them as $aid and $apass (don't even save them as variables if possible). There are many situation where this will come back to bite you in the rear if you do. I will mention the most detrimental one which is called called sql injection. Lets assume that you are saving user data in a sql database and your form page is called rori.com. What do you think you might happen if I typed in something like rori.com?aid=drop+database in the address bar? Your code might pass $aid to the database where it will get executed. You should run some checks on $_POST[aid] and put it into something that does not resemble the variable name $aid then insert it in the database. Just google sql injection if you want a more elaborate explanation.
PS. You should thank whomever turned off global_register on the server so you can't refer to $_POST[aid] as $aid anymore. Then yell at him for ever having it turned on.
Last edited by Rayhan Muktader; May 8th, 2008 at 4:06 pm.
I don't reply to private messages.
Reply With Quote Quick reply to this message  
Join Date: Feb 2008
Posts: 15
Reputation: mom_of_3 is an unknown quantity at this point 
Solved Threads: 3
mom_of_3's Avatar
mom_of_3 mom_of_3 is offline Offline
Newbie Poster

Re: php form submitting empty variables

 
0
  #3
May 8th, 2008
If the register globals are set to off then you are going to have to use $_POST.

  1. <?php
  2. if(!isset($_POST['aid'])){
  3. ?>
  4. you must login:<br>
  5. <form name="form1" method="post" action="<? $_SERVER['PHP_SELF']; ?>">
  6. <input type="text" name="aid"><br>
  7. <input type="password" name="apass><br>
  8. <input type="submit" name="submit" value=" Login "><br>
  9. </form>
  10. <?php
  11. }
  12. else{
  13. ?>
  14. welcome etc...
  15. <?php
  16. }
  17. ?>
  18.  
Last edited by mom_of_3; May 8th, 2008 at 4:09 pm.
Reply With Quote Quick reply to this message  
Join Date: May 2008
Posts: 524
Reputation: Will Gresham is on a distinguished road 
Solved Threads: 86
Sponsor
Will Gresham's Avatar
Will Gresham Will Gresham is offline Offline
Posting Pro

Re: php form submitting empty variables

 
0
  #4
May 8th, 2008
Originally Posted by mom_of_3 View Post
If the register globals are set to off then you are going to have to use $_POST.
If register globals is on, turn it off, this is possibly the worst function ever, it encourages slack programming and security problems.
Reply With Quote Quick reply to this message  
Join Date: Dec 2006
Posts: 14
Reputation: rori is an unknown quantity at this point 
Solved Threads: 0
rori's Avatar
rori rori is offline Offline
Newbie Poster

Re: php form submitting empty variables

 
0
  #5
May 18th, 2008
thanks everyone.
special thanks to Rayhan Muktader for the clear explanation.
Reply With Quote Quick reply to this message  
Reply

This thread has been marked solved.
Perhaps start a new thread instead?
Message:



Other Threads in the PHP Forum
Thread Tools Search this Thread



About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC