954,568 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
4 Years Ago
0

php form submitting empty variables

hi,
i have this code to submit a login form:

<?php
if(!isset($aid)){
?>
you must login:
<form name="form1" method="post" action="<?=$PHP_SELF?>">
  <input type="text" name="aid">
  <input type="password" name="apass>
  <input type="submit" name="submit" value=" Login ">
</form>
<?php
}
else{
?>
welcome etc...
<?php
}
?>

this code was working fine until something changed on the host server and i think it was register_globals changed from on to off and after that $aid is always empty except if i specifically call it as $_POST['aid'].
my question is: is my code above considered a good code, or should i use the $_POST and assign the value to the $aid variable instead of just using $aid directly? because i have many pages that i have to change this in.
i hope my question is clear... and thank you for your time.

rori
Newbie Poster
24 posts since Dec 2006
Reputation Points: 10
Solved Threads: 0
 
4 Years Ago
0

You must refer to the user inputs as $_POST[aid] and $_POST[apass]. DO NOT refer to them as $aid and $apass (don't even save them as variables if possible). There are many situation where this will come back to bite you in the rear if you do. I will mention the most detrimental one which is called called sql injection. Lets assume that you are saving user data in a sql database and your form page is called rori.com. What do you think you might happen if I typed in something like rori.com?aid=drop+database in the address bar? Your code might pass $aid to the database where it will get executed. You should run some checks on $_POST[aid] and put it into something that does not resemble the variable name $aid then insert it in the database. Just google sql injection if you want a more elaborate explanation.
PS. You should thank whomever turned off global_register on the server so you can't refer to $_POST[aid] as $aid anymore. Then yell at him for ever having it turned on.

Rayhan Muktader
Light Poster
30 posts since Oct 2006
Reputation Points: 28
Solved Threads: 3
 
4 Years Ago
0

If the register globals are set to off then you are going to have to use $_POST.

<?php
if(!isset($_POST['aid'])){
?>
you must login:
<form name="form1" method="post" action="<? $_SERVER['PHP_SELF']; ?>">
  <input type="text" name="aid">
  <input type="password" name="apass>
  <input type="submit" name="submit" value=" Login ">
</form>
<?php
}
else{
?>
welcome etc...
<?php
}
?>
mom_of_3
Newbie Poster
15 posts since Feb 2008
Reputation Points: 13
Solved Threads: 3
 
4 Years Ago
0
If the register globals are set to off then you are going to have to use $_POST.

If register globals is on, turn it off, this is possibly the worst function ever, it encourages slack programming and security problems.

Will Gresham
Master Poster
755 posts since May 2008
Reputation Points: 96
Solved Threads: 125
 
4 Years Ago
0

thanks everyone.
special thanks to Rayhan Muktader for the clear explanation.

rori
Newbie Poster
24 posts since Dec 2006
Reputation Points: 10
Solved Threads: 0
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed