This is because you need to use the
$_POST or
$_GET arrays to read data posted to PHP by a
<form>. Which on you should use depends on the "method" attribute of the form.
In your case, you should use
$_POST:
- $userName = $_POST['userName'];
-
print "<h3>Hi there, $userName</h3>";
Also, for future reference, when you print "external" or "unsafe" data -- which is basically everything that is not "hard coded" into your code -- into a HTML page, you should run it through
htmlentities before printing it.
- $userName = htmlentities($_POST['userName'], ENT_QUOTES, "ISO-8859-1");
-
print "<h3>Hi there, $userName</h3>";
(Note that if you use a different charset, like UTF-8, you need to change the third parameter to reflect that.)
P.S.
What you did in your code
is possible, using the now obsolete
register_globals directive. But that feature has been made deprecated for security reasons and will be removed in future versions of PHP, so it is a bad idea to keep using it.
P.P.S.
I've split this question from your other thread into it's own thread. Please post new questions in new threads.