Page 1 of 1
problems with form's variables
Posted: Tue Nov 09, 2004 7:50 am
by Talex80
hi all,
i've such code:
Code: Select all
<html>
<form>
Please type your name here:<br />
<input type="text" name=userName><br /><br />
<input type="submit" value="Submit data">
</form>
<br /><br />
You've typed:
<?php echo $userName; ?>
</html>
it has to work, but it's only working when i do this way
Code: Select all
<? echo $_POSTї'userName']; ?>
what's the problem? maybe some settings in php.ini needed ?
could someone help me?

Posted: Tue Nov 09, 2004 8:00 am
by jtc970
you could set your register_globals = On in php.ini
but the safer way would be to use the $_POST as you did
Posted: Tue Nov 09, 2004 8:14 am
by Talex80
thx, i'll try now
but why it's safer if in all manuals i see code withou $_POST or $_GET ?
Posted: Tue Nov 09, 2004 8:19 am
by Weirdan
Talex80 wrote:
but why it's safer
http://www.php.net/manual/en/security.globals.php
if in all manuals i see code withou $_POST or $_GET ?
those are bad manuals
Posted: Tue Nov 09, 2004 11:59 pm
by Talex80
to Weirdan:
thx

Posted: Wed Nov 10, 2004 3:51 am
by ibizconsultants
Hi Talex80,
I am afraid that I dont agree with you on the bad manuals part.
Turning register_globals to ON will help you to code faster, but this poses a security risk. I could pass variables via my browser and try to get into a system.
I suggest the use of $_POST and $_GET or $HTTP_POST_VARS and $HTTP_GET_VARS.
Regards
iBizConsultants
http://www.ibizconsultants.com
Posted: Wed Nov 10, 2004 2:10 pm
by Weirdan
ibizconsultants wrote:Hi Talex80,
I am afraid that I dont agree with you on the bad manuals part.
Actually you disagree with me.
register_globals is off by default since PHP 4.2.0 (released 22-Apr-2002,
more than 2 years ago). Manual writers should have adopted this change and change their manuals accordingly by this time. Those who haven't write bad manuals. Aren't you convinced?
Posted: Wed Nov 10, 2004 9:12 pm
by dreamfly
register_globals = Off => register_globals = On in php.ini file
Posted: Thu Nov 11, 2004 3:22 am
by phpScott
of course it could just be an old manual or old web reference that was published more then 2 years ago? But yes having register_globals = on is not a good thing for all sorts of security reasons. I remeber the headache of changing piles of code to get it to work on php 4.2 and greater.
Work to standards now as it will make your life easier in the end.