$_post

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
loongest
Forum Commoner
Posts: 25
Joined: Wed Apr 07, 2004 12:23 pm

$_post

Post by loongest »

How to make it work?

----------insert.html--------------------
<input type=text name="testfield" >
<input type=submit name="submit" value="submit">


in the insert.php
$sql = "insert into testdb values ('', '$_POST[testfield]')";


i'd like to use $testfield instead of $_POST[testfield], so what should i gonna to do?
loongest
Forum Commoner
Posts: 25
Joined: Wed Apr 07, 2004 12:23 pm

Post by loongest »

should i change the register_globals = Off to ON ? and isit recommeded in this way ?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

do not turn register globals on

use a safe extraction function to pull the variables out of the submission. Safe being that it doesn't generate core errors/warnings if a value doesn't exist, and sanitizes the submitted information (hopefully.)

[php_man]extract[/php_man]() can be used if you want to be extremely lazy, however it's not a safe function, entirely.. but that depends on how your code is written..
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

I recommend doing it the proper way.

It saves hassle and makes your code more portable if you ever change servers.

eg.

Code: Select all

<?php
if ( isset ( $_POST['testfield'] ) )
{

   $testfield = trim ( $_POST['testfield'] );


} else {


   echo "No var? No page!");
   exit ();

}
?>
It's as simple as that.

(By the way, you should use quotes for arrays since servers set to parse E_ALL will stop script execution and tell you something about an indefined constant. ;))

Some helpful research links:
[big_search]php globals post[/big_search]
denlou
Forum Newbie
Posts: 17
Joined: Fri Sep 24, 2004 7:11 pm
Location: Richmond/Vancouver, BC
Contact:

Post by denlou »

Sami wrote:
(By the way, you should use quotes for arrays since servers set to parse E_ALL will stop script execution and tell you something about an indefined constant. ;))
I suppose it's bad habit to start using error_reporting(0); at the start of scripts a lot then lol.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Remember as well to use [php_man]mysql_escape_string[/php_man]() - don't want any nasty SQL injection now do you?

Mac
Post Reply