$_post
Posted: Sat Oct 09, 2004 12:41 am
by loongest
How to make it work?
----------insert.html--------------------
<input type=text name="testfield" >
<input type=submit name="submit" value="submit">
In insert.php:
$sql = "insert into testdb values ('', '$_POST[testfield]')";
I'd like to use $testfield instead of $_POST[testfield], so what should I do?
Posted: Sat Oct 09, 2004 12:47 am
by loongest
Should I change register_globals = Off to On? And is it recommended to do it this way?
Posted: Sat Oct 09, 2004 1:04 am
by feyd
Do not turn register globals on.
Use a safe extraction function to pull the variables out of the submission. Safe being that it doesn't generate core errors/warnings if a value doesn't exist, and sanitizes the submitted information (hopefully).
extract() can be used if you want to be extremely lazy, however it's not a safe function, entirely... but that depends on how your code is written.
Posted: Sat Oct 09, 2004 1:38 am
by m3mn0n
I recommend doing it the proper way.
It saves hassle and makes your code more portable if you ever change servers.
eg.
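<?php
// Copy the submitted field into a local variable only if it was sent.
if ( isset ( $_POST['testfield'] ) )
{
    $testfield = trim ( $_POST['testfield'] );
} else {
    // Field missing: stop before the rest of the page runs.
    echo "No var? No page!";
    exit ();
}
?>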
It's as simple as that.
(By the way, you should use quotes for arrays since servers set to parse E_ALL will stop script execution and tell you something about an undefined constant.)
Some helpful research links:
Search: php globals post
Posted: Sat Oct 09, 2004 4:12 am
by denlou
Sami wrote:
(By the way, you should use quotes for arrays since servers set to parse E_ALL will stop script execution and tell you something about an undefined constant.)
I suppose it's a bad habit to start using error_reporting(0); at the start of scripts a lot then, lol.
Posted: Sat Oct 09, 2004 5:28 am
by twigletmac
Remember as well to use mysql_escape_string() - don't want any nasty SQL injection now do you?
Mac
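An added example (not code from any poster in this thread) tying together the "safe extraction function" idea and the SQL injection concern raised above: it copies only whitelisted fields out of the request and inserts with a bound parameter rather than string escaping. The helper name safe_fields, the is_admin key, the table layout and the in-memory SQLite database reached through PDO are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Pull only the named fields out of a request array (hypothetical helper).
 * Missing fields become null instead of raising a notice; arrays
 * (e.g. testfield[]=x), empty strings and over-long values are rejected.
 */
function safe_fields(array $source, array $allowed, int $maxLen = 255): array
{
    $out = [];
    foreach ($allowed as $name) {
        $value = $source[$name] ?? null;
        if (!is_string($value)) {          // absent, or an array was submitted
            $out[$name] = null;
            continue;
        }
        $value = trim($value);
        $out[$name] = ($value === '' || strlen($value) > $maxLen) ? null : $value;
    }
    return $out;
}

// Constructed request standing in for $_POST: the expected field carrying a
// quote character, plus a key the script never asked for.
$post = ['testfield' => "  O'Reilly  ", 'is_admin' => '1'];

$is_admin = false;
['testfield' => $testfield] = safe_fields($post, ['testfield']);
// Unlike register_globals or extract($post), the unexpected key cannot
// overwrite $is_admin, because only whitelisted names are copied out.

if ($testfield === null) {
    exit("No var? No page!\n");
}

// In-memory SQLite stands in for the thread's MySQL table (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE testdb (id INTEGER PRIMARY KEY AUTOINCREMENT, testfield TEXT)');

// The value is bound as a parameter, so the quote in it is data, not SQL.
$stmt = $db->prepare('INSERT INTO testdb (testfield) VALUES (:testfield)');
$stmt->execute([':testfield' => $testfield]);

var_dump($is_admin);
var_dump($db->query('SELECT testfield FROM testdb')->fetchColumn());
```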