Getting form posted values using $var not $_POST['var']

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Ruski
Forum Commoner
Posts: 28
Joined: Thu May 26, 2005 3:45 am

Getting form posted values using $var not $_POST['var']

Post by Ruski »

Hi friends,

I have a little problem. Just switched server and most of my code is broken due to a lot of form posted variables being retrived by using its variable name e.g:

Code: Select all

$variable = $variable;
and not

Code: Select all

$variable = $_POST['variable'];
I was wandering what is the name of the php config that I can alter to enable my code to work in such a way again.

Thanks in advance
Turv
Forum Commoner
Posts: 25
Joined: Fri Mar 13, 2009 3:56 pm

Re: Getting form posted values using $var not $_POST['var']

Post by Turv »

Ruski wrote:Hi friends,

I have a little problem. Just switched server and most of my code is broken due to a lot of form posted variables being retrived by using its variable name e.g:

Code: Select all

$variable = $variable;
and not

Code: Select all

$variable = $_POST['variable'];
I was wandering what is the name of the php config that I can alter to enable my code to work in such a way again.

Thanks in advance

Code: Select all

 
foreach($_POST as $key => $val)
    $$key = $val;
 
Put that at the top of your script somewhere and any values that are posted such as $_POST['variable'] will be accessible using $variable;
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: Getting form posted values using $var not $_POST['var']

Post by AbraCadaver »

The setting in php.ini is register_globals. This is not safe to have on, especially if your code is not secure.

Rather than looping through the POST data, you can use that functions that were designed for this: import_request_variables() or extract(). This is just as insecure as register_globals though.

The loop is only handy if you do some validation/sanitizing there, which is probably a good idea.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Post Reply