Page 1 of 1

IIS, PHP, Mysql and not passing variables in HTML Forms

Posted: Thu Jul 03, 2003 5:37 pm
by slagbanger
I have windows XP Pro, IIS 5 and PHP4 installed. It all works nicely (phpinfo() does anyway)

When i try and pass variables form a form, they do not work. Any example from the net seems to not work and my php page does not recognise that variables have been passed. I shall give you an example below. When i click submit on the form, the ?username=username&password=password getzs added on to the url, as it should but the pho dont pick it up.

This page is called mypage.php. Taken from an example that dont work:

Code: Select all

<?php 
if (isset($submit) && $submit=="yes") 
{ 
echo "Thank you for submitting the form" 
} else { 
?> 
<form action="mypage.php" action=post> 
<input type=text name=username> 
<input type=text name=password> 
<input type=submit name=submit value=yes> 
</form> 
<?php 
} 
?>
This form re appears and does not say thank you, just the url at the address bar is updated as mentioned above and the form re appears with the form like it never got submitted. Also, i have the standard install of PHP, using PHP.ini, not the php.ini-recommended, as remembered from my linux days. This does not appear with the IIS windows version, just the standard php.ini only exists. That is all. Is there a setting in there or in IIS? I have also installed lockdown for IIS, the microsoft security thing. Would this affect the situation??

Please help. I am new to php. I am amazed at the ease so far but cannot get around this problem!!! But i can use mysql happily with php!!

Posted: Thu Jul 03, 2003 7:25 pm
by m3rajk
1st off, there's a nice way to avoid issues when moving pages or changing names... use all print outs as $_SERVER[PHP_SELF]

next, it's just a formality, but you con't have any actual html in the second part.

i don't think it's actually necessary, but you also don't declare variables. try declaring them, and also "cleaning" them so you have what's passed in, not what's been created by html passing.

Code: Select all

<?php 
$username=stripslashes(rawurldecode($_POST['username']));
$password=stripslashes(rawurldecode($_POST['password']));

if (isset($username) && isset($password)) 
{ ?>
<html><head><title>if you don't see this it's probably iis or xp since ms sucks ass</title></head><body>
<p>thanks for trying the form.</p>
<p>the information recieved from you was:
<br>username: <?php echo $username; ?><br />
<br>password: <?php echo $password; ?><br />
</p></body></html>
<?php
} else { 
?><html><head><title>learning forms in php</title></head></body>
<form action="<?php echo $_SERVER[PHP_SELF]; ?>" action="post"> 
<input type="text" name="username"> 
<input type="text" name="password"> 
<input type="submit" name="submit" value="yes"> 
</form> </body></html>
<?php 
} 
?>

Posted: Fri Jul 04, 2003 3:48 am
by slagbanger
that dont work either!! this is what is output:
thanks for trying the form.

the information recieved from you was:
username:

password:

I tried to fool it by putting ?username=dan but it did not help.

This, on the other hand does work:

Code: Select all

<?php
        session_start();
        $db_user = 'root';
        $db_pass = 'password';
        $user_name = $_POST['user_name'];
        $password = $_POST['password'];

        //connect to the DB and select the "dictator" database
        $connection = mysql_connect('localhost', $db_user, $db_pass) or die(mysql_error());
        mysql_select_db('dictators', $connection) or die(mysql_error());

        //set up the query
        $query = "SELECT * FROM users
                        WHERE user_name='$user_name' AND password='$password'";

        //run the query and get the number of affected rows
        $result = mysql_query($query, $connection) or die('error making query');
        $affected_rows = mysql_num_rows($result);

        //if there's exactly one result, the user is validated. Otherwise, he's invalid
        if($affected_rows == 1) {
                print 'validated';
        }
        else {
                print 'not valid';
                print $user_name;
        }
        print '<br>User name is' .$user_name;
        print '<br>POassword is ' .$password;

        ?>
Its called from a page called login.htm that passes the variables. Why is this the only script to work?? Did i mention i am a noob