Passing Variables and Echoing them

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
RichGags
Forum Newbie
Posts: 9
Joined: Tue Jan 04, 2005 8:13 pm

Passing Variables and Echoing them

Post by RichGags »

Hi. I am a novice at PHP but Im learning.

I created a form page that accepts some input and posts some variables to a php page. It is a text messaging api that runs via Twilio which is a MMS service I signed up for. They supplied me with the parameters and the php page which gets called in my post page. My form is..

Code: Select all

<form action="sendit.php" method="post" name="form1">
<table>
	<tr>
		<td align="right">Phone:</td>
		<td><input type="text" name="phone" value=""></td>
	</tr>
    <tr>
		<td align="right">Your Message:</td>
		<td><input type="text" name="mymessage" value=""></td>
	</tr>
           
	<tr>
		<td align="right"><input type="submit" value="Submit" name="submit"></td>
	</tr>
</table>
</form>
sendit.php looks like...

Code: Select all

<?php
// this line loads the library 
require('Services/Twilio.php'); 
 
$account_sid = 'xxxxx'; 
$auth_token = 'xxxxx'; 
$client = new Services_Twilio($account_sid, $auth_token); 

	$myto["phone"]    = $_POST["phone"];
	$mybody["mymessage"]    = $_POST["mymessage"];
;
$client->account->messages->create(array( 
	'To' => $myto, 
	'From' => "+19145551212", 
	'Body' => $mybody,   
));
 echo 'Sent ' .$_POST["mymessage"]. ' to '.$_POST["phone"];
This is working and it sends a text message to the number in $myto ... but Im not sure if it is proper coding technique to use the $_POST["mymessage"] again down there. I originally tried ...

Code: Select all

echo 'Sent ' .$mybody. ' to '.$myto;
but that resulted in an echo that looked like this: Sent Array to Array.

So my first question is - Why cant I use my variables in an echo?

My 2nd question which will just make my life easier is: How can I send the phone number I would like to send the text message to the form (<input type="text" name="phone" value="">) from a link in an email so that it automatically gets filled in?

Thanks!
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Passing Variables and Echoing them

Post by Celauran »

The trouble is that you're trying to echo arrays. You're saving $_POST['phone'] in $myto['phone'], so you'd need to echo $myto['phone'] rather than just $myto.
RichGags
Forum Newbie
Posts: 9
Joined: Tue Jan 04, 2005 8:13 pm

Re: Passing Variables and Echoing them

Post by RichGags »

Thanks. Is it ok to leave it the way it is since it is working? or is it better to use the variable instead of the POST?
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Passing Variables and Echoing them

Post by Celauran »

Makes no difference. They contain the exact same value.
RichGags
Forum Newbie
Posts: 9
Joined: Tue Jan 04, 2005 8:13 pm

Re: Passing Variables and Echoing them

Post by RichGags »

Thanks for your help!
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Passing Variables and Echoing them

Post by Christopher »

You need validate and filter $_POST["phone"] and $_POST["mymessage"] before using them. And encode HTML characters in them before echoing them. This script is very hackable.
(#10850)
RichGags
Forum Newbie
Posts: 9
Joined: Tue Jan 04, 2005 8:13 pm

Re: Passing Variables and Echoing them

Post by RichGags »

What do you mean? Im not familiar with validation and encoding. Thanks.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Passing Variables and Echoing them

Post by Christopher »

You accept a string of characters from the Internet and then echo them back verbatim. There are many exploits that inject Javascript, etc. into you page. There may also be mail system exploits since you are putting the string into the email as well.

http://www.sitepoint.com/input-validati ... functions/
(#10850)
Post Reply