One beginner's variable problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
lancet2003
Forum Newbie
Posts: 20
Joined: Sat Aug 09, 2003 11:29 pm

One beginner's variable problem

Post by lancet2003 »

Hi:
following are two very short code, I am stick in the variable problem, can someone can me? THanks!

this is the code of html file I open first
<HTML>
<HEAD></HEAD>
<BODY>
<FORM method="get" action="text.php">
WHo is your favourite authors?
<INPUT name="aaa" type="text">
<br>
<br>
<input type=submit>
</FORM>
</BODY>
</HTML>

This is the code in text. php in the same root directory
<HTML>
<HEAD></HEAD>
<BODY>
Your favorite author is:
<?php
echo $aaa;
?>
</BODY>
</HTML>

when I open the first page and click submi buttont,
how the outcome shows so?

Your favorite author is:
Notice: Undefined variable: aaa in c:\inetpub\wwwroot\text.php on line 6

I think the variable has already sent to the php engine, then why can not find variable of aaa.
I am sure there is no any problem about the upper case and lower case.

Thanks
lancet2003
Forum Newbie
Posts: 20
Joined: Sat Aug 09, 2003 11:29 pm

I got it. thanks

Post by lancet2003 »

I set register_globals to on, then it is OK.
Thanks
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

You should always have register globals off, if you have the choice.

With register globals off, the $aaa var doesn't exist - hence your undefined variable error - but it DOES exist as $_GET['aaa']. Register globals on is simply declaring all the superglobal GET vars (and others) automatically into the script's scope. That is a huge security risk if you have a carelessly written script with undefined vars or indexes.

So, turn reg globs back off and access GET vars directly from the superglobal $_GET array. While you're at it, change the form action from GET to POST: it's slightly more secure since hackers have to go to the trouble of forging a form rather than simply typing in some GET vars in the browser address bar.
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

lancet2003
Forum Newbie
Posts: 20
Joined: Sat Aug 09, 2003 11:29 pm

thanks

Post by lancet2003 »

thanks all, I got it.
Post Reply