Page 1 of 1

$_post

Posted: Sat Oct 09, 2004 12:41 am
by loongest
How to make it work?

----------insert.html--------------------
<input type=text name="testfield" >
<input type=submit name="submit" value="submit">


in the insert.php
$sql = "insert into testdb values ('', '$_POST[testfield]')";


i'd like to use $testfield instead of $_POST[testfield], so what should i gonna to do?

Posted: Sat Oct 09, 2004 12:47 am
by loongest
should i change the register_globals = Off to ON ? and isit recommeded in this way ?

Posted: Sat Oct 09, 2004 1:04 am
by feyd
do not turn register globals on

use a safe extraction function to pull the variables out of the submission. Safe being that it doesn't generate core errors/warnings if a value doesn't exist, and sanitizes the submitted information (hopefully.)

[php_man]extract[/php_man]() can be used if you want to be extremely lazy, however it's not a safe function, entirely.. but that depends on how your code is written..

Posted: Sat Oct 09, 2004 1:38 am
by m3mn0n
I recommend doing it the proper way.

It saves hassle and makes your code more portable if you ever change servers.

eg.

Code: Select all

<?php
if ( isset ( $_POST['testfield'] ) )
{

   $testfield = trim ( $_POST['testfield'] );


} else {


   echo "No var? No page!");
   exit ();

}
?>
It's as simple as that.

(By the way, you should use quotes for arrays since servers set to parse E_ALL will stop script execution and tell you something about an indefined constant. ;))

Some helpful research links:
[big_search]php globals post[/big_search]

Posted: Sat Oct 09, 2004 4:12 am
by denlou
Sami wrote:
(By the way, you should use quotes for arrays since servers set to parse E_ALL will stop script execution and tell you something about an indefined constant. ;))
I suppose it's bad habit to start using error_reporting(0); at the start of scripts a lot then lol.

Posted: Sat Oct 09, 2004 5:28 am
by twigletmac
Remember as well to use [php_man]mysql_escape_string[/php_man]() - don't want any nasty SQL injection now do you?

Mac