Ad:

PHP Discussion Thread
Marked Solved
Views: 3575

May 8th, 2008

php form submitting empty variables

Expand Post »

hi,
i have this code to submit a login form:

PHP Syntax (Toggle Plain Text)
<?php
if(!isset($aid)){
?>
you must login:<br>
<form name="form1" method="post" action="<?=$PHP_SELF?>">
  <input type="text" name="aid"><br>
  <input type="password" name="apass><br>
  <input type="submit" name="submit" value=" Login "><br>
</form>
<?php
}
else{
?>
welcome etc...
<?php
}
?>
 
<?php
if(!isset($aid)){
?>
you must login:<br>
<form name="form1" method="post" action="<?=$PHP_SELF?>">
  <input type="text" name="aid"><br>
  <input type="password" name="apass><br>
  <input type="submit" name="submit" value=" Login "><br>
</form>
<?php
}
else{
?>
welcome etc...
<?php
}
?>

this code was working fine until something changed on the host server and i think it was register_globals changed from on to off and after that $aid is always empty except if i specifically call it as $_POST['aid'].
my question is: is my code above considered a good code, or should i use the $_POST and assign the value to the $aid variable instead of just using $aid directly? because i have many pages that i have to change this in.
i hope my question is clear... and thank you for your time.

rori

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

24 posts
since Dec 2006

Permalink

May 8th, 2008

Re: php form submitting empty variables

You must refer to the user inputs as $_POST[aid] and $_POST[apass]. DO NOT refer to them as $aid and $apass (don't even save them as variables if possible). There are many situation where this will come back to bite you in the rear if you do. I will mention the most detrimental one which is called called sql injection. Lets assume that you are saving user data in a sql database and your form page is called rori.com. What do you think you might happen if I typed in something like rori.com?aid=drop+database in the address bar? Your code might pass $aid to the database where it will get executed. You should run some checks on $_POST[aid] and put it into something that does not resemble the variable name $aid then insert it in the database. Just google sql injection if you want a more elaborate explanation.
PS. You should thank whomever turned off global_register on the server so you can't refer to $_POST[aid] as $aid anymore. Then yell at him for ever having it turned on.

Last edited by Rayhan Muktader; May 8th, 2008 at 4:06 pm.

Rayhan Muktader

Reputation Points: 28

Solved Threads: 3

Light Poster

Offline

30 posts
since Oct 2006

Permalink

May 8th, 2008

Re: php form submitting empty variables

If the register globals are set to off then you are going to have to use $_POST.

PHP Syntax (Toggle Plain Text)
<?php
if(!isset($_POST['aid'])){
?>
you must login:<br>
<form name="form1" method="post" action="<? $_SERVER['PHP_SELF']; ?>">
  <input type="text" name="aid"><br>
  <input type="password" name="apass><br>
  <input type="submit" name="submit" value=" Login "><br>
</form>
<?php
}
else{
?>
welcome etc...
<?php
}
?>
 
<?php
if(!isset($_POST['aid'])){
?>
you must login:<br>
<form name="form1" method="post" action="<? $_SERVER['PHP_SELF']; ?>">
  <input type="text" name="aid"><br>
  <input type="password" name="apass><br>
  <input type="submit" name="submit" value=" Login "><br>
</form>
<?php
}
else{
?>
welcome etc...
<?php
}
?>

Last edited by mom_of_3; May 8th, 2008 at 4:09 pm.

mom_of_3

Reputation Points: 13

Solved Threads: 3

Newbie Poster

Offline

15 posts
since Feb 2008

Permalink

May 8th, 2008

Re: php form submitting empty variables

Click to Expand / Collapse Quote originally posted by mom_of_3 ...

If the register globals are set to off then you are going to have to use $_POST.

If register globals is on, turn it off, this is possibly the worst function ever, it encourages slack programming and security problems.

Will Gresham

Reputation Points: 96

Solved Threads: 124

Master Poster

Offline

728 posts
since May 2008

Permalink

May 18th, 2008

Re: php form submitting empty variables

thanks everyone.
special thanks to Rayhan Muktader for the clear explanation.

rori

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

24 posts
since Dec 2006

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in PHP Forum Timeline: Sort Problem

Next Thread in PHP Forum Timeline: resizable text section with a background with 4 curvy corners

DaniWeb Message

Cancel Changes

User Name
Password