Page 2 of 2

Posted: Wed Nov 10, 2004 12:31 pm
by josh
Change $_GET's and $_POST's to $_REQUEST's and echo the values out as soon as you request them.. does that work? If nothing echoes out make sure that the variables are getting sent by going to yourscript.php?variable=test and see if it echoes out test for $variable=$_REQUEST['varialbe']; echo $variable;

Posted: Thu Nov 11, 2004 5:54 am
by Cryptkeeper
I did what you said jshpro2 and the variable echoes out correctly.
But whenever I press the OK button and submit the form the variable gets lost and in your examble 'variable' woud be empty.

Posted: Thu Nov 11, 2004 6:15 am
by CoderGoblin
Try adding the php command
var_dump($_REQUEST) ; to your code and check the array indexes.

You could also insert a hidden field into form containing the username as recommended previously.

Does the url shown when posting the form contain the user identifier ? If not insert a hidden field in your form to hold it.

Posted: Thu Nov 11, 2004 9:02 am
by josh
Create a new folder on your server and try this experiment:

file1.php

Code: Select all

<?
header("location:http://yoursite.com/folder/file2.php?test=Itworks");
?>
file2.php

Code: Select all

$test = $_REQUEST['test'];
if ($test!=NULL) {
echo "$test";
} else {
echo "There is something wrong with your server/php configuration";
}

Posted: Fri Nov 12, 2004 2:04 am
by Cryptkeeper
Thank you guys, I used the hidden field and that worked.
You are life savers!
Are there no security issues using hidden fields?

Posted: Fri Nov 12, 2004 2:46 am
by phpScott
don't put sensitive information in them that you wouldn't want other people to see as a right click view source will reveal all.

Hidden fields still get passed in the url string if they are within a form.
I'm sure there are a few more concerns but that is all that comes to the top of my head right now.

Posted: Fri Nov 12, 2004 6:04 am
by josh
Also, just because you wrote the hidden field doesnt mean some one can't play around with the info in it, even if the form uses post. They can do more then just read your fields, they can change the info in it, so never trust any inputs.