Form Post Doesn't Work

Google Mike

I have RH9 Linux with the versions of Apache and PHP that came with
it. The PHP is version 4.2.2 on the CD, I believe. Apache, I think, is
version 2.0.

I found I can do some regular PHP stuff like pull data back from MySQL
and show it, but posting form data from one web form to another web
page simply doesn't work for some reason. Has anyone seen this?

Example:

## INDEX.PHP ##
<html><head></head><body>
<form action="process .php" method="post">
<input type="text" name="username" >
<input type="submit" value="Test">
</form>
</body></html>

## PROCESS.PHP ##
<?php
echo "You entered your username as $username.";
?>

The result I get is:

You entered your username as.

What's the catch?

Jul 17 '05 #1

Subscribe Reply

11088

Pedro

Google Mike wrote:

<?php
echo "You entered your username as $username.";
?>

Try
<?php
echo "You entered your username as ${_POST[username]}";
?>

and check out
http://www.php.net/manual/en/securit...terglobals.php
--
I have a spam filter working.
To mail me include "urkxvq" (with or without the quotes)
in the subject line, or your mail will be ruthlessly discarded.

Jul 17 '05 #2

Matthias Esken

go********@hotp op.com (Google Mike) schrieb:

## INDEX.PHP ##
<html><head></head><body>
<form action="process .php" method="post">
<input type="text" name="username" >
<input type="submit" value="Test">
</form>
</body></html>

## PROCESS.PHP ##
<?php
echo "You entered your username as $username.";
?>

The result I get is:

You entered your username as.

What's the catch?

This should work:

## PROCESS.PHP ##
<?php
echo "You entered your username as $_POST['username'].";
?>

Your code will work, if register_global s is activated. By default it is
deactivated and activating it might lead to severe security leaks.
See http://www.php.net/manual/en/securit...terglobals.php for
details.

Have a look at the PHP Superglobals in the documentation at
http://www.php.net/manual/en/languag...predefined.php to see
how it should be done.

Regards,
Matthias

Jul 17 '05 #3

Google Mike

Matthias Esken <mu************ ******@usenetve rwaltung.org> wrote in message

Your code will work, if register_global s is activated. By default it is
deactivated and activating it might lead to severe security leaks.
See http://www.php.net/manual/en/securit...terglobals.php for
details.

Have a look at the PHP Superglobals in the documentation at
http://www.php.net/manual/en/languag...predefined.php to see
how it should be done.

To Matthias and Pedro. I really appreciate your quick reply, but I was
shocked to see this answer from the contributors of PHP that you so
kindly relayed to me. This is certainly distressing, don't you think?
I mean, now we have to use this convoluted method with the _ vars to
get stuff, particularly _POST. Usually from what I have read about C,
when something begins with _, it's usually meant that you weren't
supposed to call it.

Here's my spin. Perhaps the PHP team found out about the security
problem, and this put PHP in a dangerous situation, so they decided to
use the fallback with the underscore var technique as an emergency.

Do you see how countless developers will begin writing stuff for this
rev. of PHP, using the _POST technique, and it certainly could be
deprecated in the near future, putting all those projects at risk of a
rewrite?

My commentary to the PHP team is to remedy the situation rapidly. It's
not a big thing that they should do. I believe they should write
another routine that abstracts the _POST routine with a non-underscore
var, such as, dare I say, 'Request("usern ame")', and that way they can
change the underscore vars on a whim without breaking anyone's code.

Either that, or permit PHP developers to use C-like macros so that we
can rename _POST with Request.

But, saying this, please understand I'm a newbie to PHP. My skills are
in C, VB, ASP, JSP and have recently been impressed with some of the
features of PHP. My commentary is not a seasoned one and I welcome
your opinions to educate me on why things are the way they are.

Jul 17 '05 #4

Tom Thackrey

On 7-Oct-2003, go********@hotp op.com (Google Mike) wrote:

Matthias Esken <mu************ ******@usenetve rwaltung.org> wrote in
message
Your code will work, if register_global s is activated. By default it is
deactivated and activating it might lead to severe security leaks.
See http://www.php.net/manual/en/securit...terglobals.php for
details.

Have a look at the PHP Superglobals in the documentation at
http://www.php.net/manual/en/languag...predefined.php to see
how it should be done.

To Matthias and Pedro. I really appreciate your quick reply, but I was
shocked to see this answer from the contributors of PHP that you so
kindly relayed to me. This is certainly distressing, don't you think?
I mean, now we have to use this convoluted method with the _ vars to
get stuff, particularly _POST. Usually from what I have read about C,
when something begins with _, it's usually meant that you weren't
supposed to call it.

Here's my spin. Perhaps the PHP team found out about the security
problem, and this put PHP in a dangerous situation, so they decided to
use the fallback with the underscore var technique as an emergency.

Do you see how countless developers will begin writing stuff for this
rev. of PHP, using the _POST technique, and it certainly could be
deprecated in the near future, putting all those projects at risk of a
rewrite?

My commentary to the PHP team is to remedy the situation rapidly. It's
not a big thing that they should do. I believe they should write
another routine that abstracts the _POST routine with a non-underscore
var, such as, dare I say, 'Request("usern ame")', and that way they can
change the underscore vars on a whim without breaking anyone's code.

Either that, or permit PHP developers to use C-like macros so that we
can rename _POST with Request.

But, saying this, please understand I'm a newbie to PHP. My skills are
in C, VB, ASP, JSP and have recently been impressed with some of the
features of PHP. My commentary is not a seasoned one and I welcome
your opinions to educate me on why things are the way they are.

I think you misunderstand the leading underscore even in the context of C,
etc. The leading underscore on variable and function names is to separate
the global namespace of the system/compiler/language from the application.
Had C been created with this in mind, most of the stdlib functions would
start with _. There's nothing convoluted or weird about accessing a 'system'
variable like $_POST, it's functionally no different than if it was called
$post, it just avoids breaking any existing application that used $post as a
variable. It's unlikely that $_POST will be changed or depreciated anytime
soon, certainly not on a whim.

The security problem you refer to was not a flaw in PHP as much as a
potential risk if good coding practices weren't followed. To encourage good
coding, register_global s was defaulted to off and the superglobals like
$_POST were created to make good programming easier.

Abstracting $_POST to something else will add to the confusion, create
potential namespace problems and solve nothing. If you want to abstract it
for yourself, I suggest you create an include file that does so.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@wil lglen.net (it's reserved for spammers)

Jul 17 '05 #5

Google Mike

Thanks, Tom, for clearing that up. I had some misconceptions. I have
abstracted $_POST now as Request() and it's working great.

Jul 17 '05 #6

Similar topics

4901

JavaScript Form Validation Doesn't Work In Netscape

by: AnnMarie | last post by:

My JavaScript Form Validation doesn't work at all in Netscape, but it works fine in IE. I made some of the suggested changes which enabled it to work in IE. I couldn't make all the changes because then it didn't work in IE. How can I enable this javascipt form validation to work in Netscape? When I use netscape, none of the alert boxes appear. It submits the form without validating anything.

Javascript

1671

Form validation doesn't work in Netscape 7.1

by: lmeng | last post by:

Hi, I am new to this Forum. Thanks in advance for any kind help. In the following HTML code, when I change the value of one text field then click "Modify" button, if the validation fails a message will popup and the cotent of the form should NOT be submitted. (The actual code connects to the database at the backend so I can check if the value is submmited).

Javascript

1343

Copied form class doesn't work

by: Larry | last post by:

I have made a form class, it is an about box. the form (the form class) resides in a project where I call it from a test form. Everything works ok. But, When I copy the form class (frmabout.vb file) into another project, and attempt to use it, it doesn't work, the project hangs when I run it. I opened up the form (frmabout.vb), the new copy in the new project,

.NET Framework

1744

Form validation doesn't work

by: Brett Porter | last post by:

Hi, I have many, many forms that use all of the different form validation controls. These work great on my local server however I have just been alerted to the fact that the form validation doesn't work at all on the web server causing all sorts of differing problems. I would assume that it has something to do with the JavaScript for the client side form validation however this is as far as I get.

ASP.NET

2565

document.form.submit() doesn't work for large form fields

by: alan_atwood | last post by:

Hello all. I am having a problem with the submit() method that is driving me nuts. I'm using document.form.submit() with large text fields (approx. 2000 characters) and am getting a "Invalid Syntax" error. If I do the same thing with a text field of under 1500 characters, it works fine. Is there some size limit here that I don't know about? Haven't been able to find anything so far on this particular problem. Thanks,

Javascript

2266

Sometimes when I attempt to refresh records in a subform control on the main form - it doesn't work

by: MLH | last post by:

I don't always get what I want when I invoke the following Me!MySubFormControl.Refresh from code running in the main form. Am I doing something wrong here? Someone suggested that I open the subform itself (as a separate form) in hidden view anytime I open the main form and attempt my refreshes there. I think that is somewhat redundant and can't be what MicroSoft intended.

Microsoft Access / VBA

1819

loading form dynamically doesn't work

by: moho | last post by:

Hi I'm trying to load a form into a div (that's hidden and then set to visible) = the form gets a page and stores it inside. I activate it by pressing a button. Then the div will fill in some values in the form elements that it has. however this doesn't work. the page is loaded but document.getElementById doesn't find it. When I look in the HTML it's all there.

Javascript

3064

Form.TransparencyKey doesn't work...

by: VMI | last post by:

I have a Windows Form and, for its BackgroundImage, I put an all-white bitmap (opened mspaint, and immediately saved as bmp). Then I set the TransparencyKey property to White (I also added it in the Form_Load). For some reason I still can't see "through" the Form. Am I doing something wrong? The RightToLeftLayout property is set to False. On the other hand, if I remove the background image and set Form.BackColor to White, it'll work. I'm...

C# / C Sharp

2726

AJAX&PHP form validation doesn't work

by: liams | last post by:

Hi, I recently learned how to use AJAX, but I'm having a problem with it. What I'm trying to do is validate a form with PHP, and write the output of the validation in the same page. From the last question I have asked in bytes.com, I was introduced to AJAX(well, I always knew it, but I never used it). So, I wrote the following code accordingly: index.html: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"...

Javascript

10153

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

9981

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

11558

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

11334

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

8248

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

6111

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

6330

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

4939

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

3539

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General