Need help integrating form validation.

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

dissonantallure
Forum Newbie
Posts: 21
Joined: Tue Feb 03, 2009 7:48 pm

Need help integrating form validation.

Post by dissonantallure »

I have a simple script which should pass the variable $Name from Pass.php to Pass2.php, but for some reason on Pass2.php $Name is Undefined. Here is my script:

Pass.php

<?php 
$Name = $_POST['Name'];
 
if (!empty($Name)) {
header("Location: pass2.php");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>SC Form Version 1.0</title>
<script type="text/javascript" src="SCscript.js"></script>
<link rel="stylesheet" type="text/css" href="SCstyle.css" />
</head>
<body>
<form action="pass.php" method="post">
<?php 
foreach ($_POST as $key => $val) {
echo '<input type="hidden" name="' . $key . '" value="' . $val . '" />' . "\r\n";
}
?>
  <span>Name:<input type="text" name="Name" /></span><br />
  <input type="submit" name="Submit" value="Step 2" /><br />
</form>
</body>
</html>

Pass2.php

<?php
$Name = $_POST['Name'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
echo $Name;
?>
</body>
</html>

Can anyone tell me why my code isn't working?
svt
Forum Newbie
Posts: 1
Joined: Thu Aug 06, 2009 12:38 am

Re: Need help integrating form validation.

Post by svt »

This will help you. I have made it a little simpler; the reason was that you were using the POST instead of the GET method on page pass2.php.

pass1.php

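<?php
// Read the submitted name; empty string on the initial GET request.
$Name = isset($_POST['Name']) ? $_POST['Name'] : '';

if (!empty($Name)) {
    // URL-encode the value so spaces, & and line breaks cannot alter the redirect URL.
    header("Location: pass2.php?Name=" . urlencode($Name));
    exit; // stop here so the form below is not sent along with the redirect
}
?>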
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>SC Form Version 1.0</title>
<link rel="stylesheet" type="text/css" href="SCstyle.css" />
</head>
<body>
<form action="?" method="post">
<span>Name:<input type="text" name="Name" /></span><br />
<input type="submit" name="Submit" value="Step 2" /><br />
</form>
</body>
</html>




pass2.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
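<?php
$Name = isset($_GET['Name']) ? $_GET['Name'] : '';
// Escape before output so the value is shown as text, not interpreted as HTML.
echo htmlspecialchars($Name, ENT_QUOTES, 'UTF-8');
?>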
</body>
</html>
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Need help integrating form validation.

Post by kaisellgren »

The POST value will not be automatically passed. Using GET as shown above is probably the simplest way to do it. Alternatively, have a look at Sessions (http://fi.php.net/manual/en/book.session.php).

On a side note, your script is vulnerable to XSS. You are directly passing user supplied data on your form.
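
The session hand-off and the XSS point from the reply above, sketched as an added example that is not part of the original thread. The function names, the 100-character limit and the sample input are assumptions; in the real pages you would call session_start() and pass $_POST and $_SESSION.

```php
<?php
// Added example: session hand-off between the two steps plus output escaping.
// Function names and the sample input are assumptions, not code from the thread.

// Escape a value for use in HTML text or inside a quoted attribute.
function e($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Step 1 (pass.php): keep the name server-side and return the redirect target,
// or null when the form still has to be shown.
function handle_step1(array $post, array &$session) {
    $name = (isset($post['Name']) && is_string($post['Name'])) ? trim($post['Name']) : '';
    if ($name === '' || strlen($name) > 100) { // length limit is an assumed rule
        return null;
    }
    $session['Name'] = $name;
    return 'pass2.php'; // caller does: header("Location: $target"); exit;
}

// The hidden-field loop from Pass.php with both key and value escaped.
function hidden_fields(array $post) {
    $html = '';
    foreach ($post as $key => $val) {
        if (!is_string($val)) { continue; } // skip array-valued fields such as Name[]=x
        $html .= '<input type="hidden" name="' . e($key) . '" value="' . e($val) . '" />' . "\r\n";
    }
    return $html;
}

// Step 2 (pass2.php): read the name back from the session and escape it on output.
function render_step2(array $session) {
    return isset($session['Name']) ? e($session['Name']) : '(no name submitted)';
}

// Constructed demo input standing in for $_POST and $_SESSION.
$post = array('Name' => '"><script>alert(1)</script>', 'Submit' => 'Step 2');
$session = array();
$target = handle_step1($post, $session);
echo "redirect: ", var_export($target, true), "\n";
echo hidden_fields($post);
echo "step 2 shows: ", render_step2($session), "\n";
```

Run from the command line, the markup characters in the constructed name come out as entities in both the hidden field and the step 2 output, so the browser would display them as text.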