By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,569 Members | 1,358 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,569 IT Pros & Developers. It's quick & easy.

Form Post Doesn't Work

P: n/a
I have RH9 Linux with the versions of Apache and PHP that came with
it. The PHP is version 4.2.2 on the CD, I believe. Apache, I think, is
version 2.0.

I found I can do some regular PHP stuff like pull data back from MySQL
and show it, but posting form data from one web form to another web
page simply doesn't work for some reason. Has anyone seen this?

Example:

## INDEX.PHP ##
<html><head></head><body>
<form action="process.php" method="post">
<input type="text" name="username">
<input type="submit" value="Test">
</form>
</body></html>

## PROCESS.PHP ##
<?php
echo "You entered your username as $username.";
?>

The result I get is:

You entered your username as.

What's the catch?
Jul 17 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
Google Mike wrote:
<?php
echo "You entered your username as $username.";
?>


Try
<?php
echo "You entered your username as ${_POST[username]}";
?>

and check out
http://www.php.net/manual/en/securit...terglobals.php
--
I have a spam filter working.
To mail me include "urkxvq" (with or without the quotes)
in the subject line, or your mail will be ruthlessly discarded.
Jul 17 '05 #2

P: n/a
go********@hotpop.com (Google Mike) schrieb:
## INDEX.PHP ##
<html><head></head><body>
<form action="process.php" method="post">
<input type="text" name="username">
<input type="submit" value="Test">
</form>
</body></html>

## PROCESS.PHP ##
<?php
echo "You entered your username as $username.";
?>

The result I get is:

You entered your username as.

What's the catch?


This should work:

## PROCESS.PHP ##
<?php
echo "You entered your username as $_POST['username'].";
?>

Your code will work, if register_globals is activated. By default it is
deactivated and activating it might lead to severe security leaks.
See http://www.php.net/manual/en/securit...terglobals.php for
details.

Have a look at the PHP Superglobals in the documentation at
http://www.php.net/manual/en/languag...predefined.php to see
how it should be done.

Regards,
Matthias
Jul 17 '05 #3

P: n/a
Matthias Esken <mu******************@usenetverwaltung.org> wrote in message
Your code will work, if register_globals is activated. By default it is
deactivated and activating it might lead to severe security leaks.
See http://www.php.net/manual/en/securit...terglobals.php for
details.

Have a look at the PHP Superglobals in the documentation at
http://www.php.net/manual/en/languag...predefined.php to see
how it should be done.


To Matthias and Pedro. I really appreciate your quick reply, but I was
shocked to see this answer from the contributors of PHP that you so
kindly relayed to me. This is certainly distressing, don't you think?
I mean, now we have to use this convoluted method with the _ vars to
get stuff, particularly _POST. Usually from what I have read about C,
when something begins with _, it's usually meant that you weren't
supposed to call it.

Here's my spin. Perhaps the PHP team found out about the security
problem, and this put PHP in a dangerous situation, so they decided to
use the fallback with the underscore var technique as an emergency.

Do you see how countless developers will begin writing stuff for this
rev. of PHP, using the _POST technique, and it certainly could be
deprecated in the near future, putting all those projects at risk of a
rewrite?

My commentary to the PHP team is to remedy the situation rapidly. It's
not a big thing that they should do. I believe they should write
another routine that abstracts the _POST routine with a non-underscore
var, such as, dare I say, 'Request("username")', and that way they can
change the underscore vars on a whim without breaking anyone's code.

Either that, or permit PHP developers to use C-like macros so that we
can rename _POST with Request.

But, saying this, please understand I'm a newbie to PHP. My skills are
in C, VB, ASP, JSP and have recently been impressed with some of the
features of PHP. My commentary is not a seasoned one and I welcome
your opinions to educate me on why things are the way they are.
Jul 17 '05 #4

P: n/a

On 7-Oct-2003, go********@hotpop.com (Google Mike) wrote:
Matthias Esken <mu******************@usenetverwaltung.org> wrote in
message
Your code will work, if register_globals is activated. By default it is
deactivated and activating it might lead to severe security leaks.
See http://www.php.net/manual/en/securit...terglobals.php for
details.

Have a look at the PHP Superglobals in the documentation at
http://www.php.net/manual/en/languag...predefined.php to see
how it should be done.


To Matthias and Pedro. I really appreciate your quick reply, but I was
shocked to see this answer from the contributors of PHP that you so
kindly relayed to me. This is certainly distressing, don't you think?
I mean, now we have to use this convoluted method with the _ vars to
get stuff, particularly _POST. Usually from what I have read about C,
when something begins with _, it's usually meant that you weren't
supposed to call it.

Here's my spin. Perhaps the PHP team found out about the security
problem, and this put PHP in a dangerous situation, so they decided to
use the fallback with the underscore var technique as an emergency.

Do you see how countless developers will begin writing stuff for this
rev. of PHP, using the _POST technique, and it certainly could be
deprecated in the near future, putting all those projects at risk of a
rewrite?

My commentary to the PHP team is to remedy the situation rapidly. It's
not a big thing that they should do. I believe they should write
another routine that abstracts the _POST routine with a non-underscore
var, such as, dare I say, 'Request("username")', and that way they can
change the underscore vars on a whim without breaking anyone's code.

Either that, or permit PHP developers to use C-like macros so that we
can rename _POST with Request.

But, saying this, please understand I'm a newbie to PHP. My skills are
in C, VB, ASP, JSP and have recently been impressed with some of the
features of PHP. My commentary is not a seasoned one and I welcome
your opinions to educate me on why things are the way they are.


I think you misunderstand the leading underscore even in the context of C,
etc. The leading underscore on variable and function names is to separate
the global namespace of the system/compiler/language from the application.
Had C been created with this in mind, most of the stdlib functions would
start with _. There's nothing convoluted or weird about accessing a 'system'
variable like $_POST, it's functionally no different than if it was called
$post, it just avoids breaking any existing application that used $post as a
variable. It's unlikely that $_POST will be changed or depreciated anytime
soon, certainly not on a whim.

The security problem you refer to was not a flaw in PHP as much as a
potential risk if good coding practices weren't followed. To encourage good
coding, register_globals was defaulted to off and the superglobals like
$_POST were created to make good programming easier.

Abstracting $_POST to something else will add to the confusion, create
potential namespace problems and solve nothing. If you want to abstract it
for yourself, I suggest you create an include file that does so.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)
Jul 17 '05 #5

P: n/a
Thanks, Tom, for clearing that up. I had some misconceptions. I have
abstracted $_POST now as Request() and it's working great.
Jul 17 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.