$_POST Question
Moderator: General Moderators
$_POST Question
I am wondering about the $_POST command. It seems that this command can be very forgiving and yet still bite you in the butt when you least expect it. I have created a data entry html form. When hitting the SUBMIT button, the form call itself and I validate the data. When all validations pass I then add the data from the form to a MySQL database. It seems that I don't have to $_POST the data variables from the form and my data gets stored to the database just fine. But once in awhile some of the data gets dropped. I'm wondering should you $_POST all data variables all the time for safety sake? This seems to be the prudent thing to do, but I don't understand why it works without posting at all.
Re: $_POST Question
Can you describe in detail, step-by-step, what you are doing and what the effect is when "it works without posting at all" and also when "some of the data gets dropped"?
Edit: This post was recovered from search engine cache.
Edit: This post was recovered from search engine cache.
Last edited by McInfo on Mon Jun 14, 2010 3:00 pm, edited 1 time in total.
Re: $_POST Question
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Re: $_POST Question
Actually you are correct it is a super global and I was referring to it as a command, my bad. In my html form I have this line
<form action = "?>php echo $_SERVER['PHP_SELF'] ; ?<;" method = "post">
and this textbox line
<input type="textbox" name="TName" value="<? echo $TName ?>" >
a small example of my php code is below:
<?php
$insert = "INSERT INTO Team (TeamName) VALUES ('$TName')";
if (!mysql_query($insert))
{
echo "Data not stored";
}
else
{
echo "Data stored";
}
?>
The data seems to be stored to the Team table properly, even though I did not $_POST[] the TName variable. I thought it would be required to have something like $TName = $_POST['TName']; in order for the data to be properly stored.
I hope this makes my question more clear. Sorry for the earlier confusion.
Thanks again.
Jim
<form action = "?>php echo $_SERVER['PHP_SELF'] ; ?<;" method = "post">
and this textbox line
<input type="textbox" name="TName" value="<? echo $TName ?>" >
a small example of my php code is below:
<?php
$insert = "INSERT INTO Team (TeamName) VALUES ('$TName')";
if (!mysql_query($insert))
{
echo "Data not stored";
}
else
{
echo "Data stored";
}
?>
The data seems to be stored to the Team table properly, even though I did not $_POST[] the TName variable. I thought it would be required to have something like $TName = $_POST['TName']; in order for the data to be properly stored.
I hope this makes my question more clear. Sorry for the earlier confusion.
Thanks again.
Jim
Re: $_POST Question
Some PHP installations can have a php.ini setting set so that $_POST, $_GET, and $_COOKIE variables are automatically imported into the local namespace. The particular name of this setting escapes me at the moment. I do know that it's turned off by default - but it would appear your server has turned it back on.
For safety and future compatibility, I would do as you thought, and explicitly assign your variables from $_POST.
For safety and future compatibility, I would do as you thought, and explicitly assign your variables from $_POST.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Re: $_POST Question
If you can use a form input's name as a variable, you have register_globals on in your php.ini.
On a different topic, you have an error here (your PHP tags are scrambled).
Edit: This post was recovered from search engine cache.
On a different topic, you have an error here (your PHP tags are scrambled).
Code: Select all
<form action = "?>php echo $_SERVER['PHP_SELF'] ; ?<;" method = "post">
Last edited by McInfo on Mon Jun 14, 2010 3:01 pm, edited 1 time in total.
Re: $_POST Question
Thanks everyone. I thought it was something like what you all were saying and now I'm sure.
Thanks again
Thanks again