
Unable to Pass Variables from Form to PHP Script

therookie Posts: 2 Member
Hi-
I have a very simple form basically creating the URL file:///Users/Atakan/Sites/Test/calc.php?Q5=Q5A4&regionName=All
As you see there are two parameter values (Q5 and regionName) that I am passing to the script named "calc.php". For some reason when I issue echo statements as easy as:
echo $Q5;
echo $regionName;
I am getting nothing back. I am totally puzzled as to why the script is not recognizing the variables passed to it.
Can anyone help please?
Thanks.
Atakan

Comments

  • emperor Posts: 59 Member
    One explanation is that register_globals is set to "off" which means you need to use $_GET['var'] instead of $var. However I couldn't help noticing the URL was

    file:///Users/Atakan/Sites/Test/calc.php?Q5=Q5A4&regionName=All

    ...are you even running the page from a web server? Loading a PHP page straight into the browser will hide all the code as the browser doesn't know how to parse anything between the <?php ?> tags.
  • therookie Posts: 2 Member
    Thank you for your prompt reply. I do have this web server set up on my Mac OS X machine and not simply trying to open up the calc.php file from the browser. I did not know anything about the register_globals settings until this point and will try $_GET['var'] method. This may solve the problem. Or alternatively I suppose I can try and find the register_global setting and turn it on. Where would that be?
    Thanks again...
    : One explanation is that register_globals is set to "off" which means you need to use $_GET['var'] instead of $var. However I couldn't help noticing the URL was
    :
    : file:///Users/Atakan/Sites/Test/calc.php?Q5=Q5A4&regionName=All
    :
    : ...are you even running the page from a web server? Loading a PHP page straight into the browser will hide all the code as the browser doesn't know how to parse anything between the <?php ?> tags.
    :

  • Jonathan Posts: 2,914 Member
    : Thank you for your prompt reply. I do have this web server set up on my Mac OS X machine and not simply trying to open up the calc.php file from the browser. I did not know anything about the register_globals settings until this point and will try $_GET['var'] method. This may solve the problem. Or alternatively I suppose I can try and find the register_global setting and turn it on. Where would that be?
    :
    It's in a file called php.ini, but I strongly advise that you don't turn it on. It's a massive security hole and probably the worst "feature" they ever put in PHP. The $_GET['var'] method is much safer. :-)

    Jonathan


    ###
    for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
    (tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
    /(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");

  • emperor Posts: 59 Member
    : Thank you for your prompt reply. I do have this web server set up on my Mac OS X machine and not simply trying to open up the calc.php file from the browser.

    Just that some people have been known to do this(!) I suspected you hadn't, didn't mean to take you for an idiot :)
  • Cory Posts: 221 Member
    This message was edited by Cory at 2004-1-6 10:31:42
    : : Thank you for your prompt reply. I do have this web server set up on my Mac OS X machine and not simply trying to open up the calc.php file from the browser. I did not know anything about the register_globals settings until this point and will try $_GET['var'] method. This may solve the problem. Or alternatively I suppose I can try and find the register_global setting and turn it on. Where would that be?
    : :
    : It's in a file called php.ini, but I strongly advise that you don't turn it on. [b]It's a massive security hole and probably the worst "feature" they ever put in PHP[/b]. The $_GET['var'] method is much safer. :-)
    :
    : Jonathan
    :
    :
    : ###
    : for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
    : (tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
    : /(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");
    :
    :

    Jonathan, I Agree With That. But Isn't It You That Argued With Me For A Long Time Saying That Globals = decent and, unless you're very stupid, relatively safe way to access variables.

    Just Curious,
    What Made You Change Your Mind?
  • Jonathan Posts: 2,914 Member
    : This message was edited by Cory at 2004-1-6 10:31:42
    : : : Thank you for your prompt reply. I do have this web server set up on my Mac OS X machine and not simply trying to open up the calc.php file from the browser. I did not know anything about the register_globals settings until this point and will try $_GET['var'] method. This may solve the problem. Or alternatively I suppose I can try and find the register_global setting and turn it on. Where would that be?
    : : :
    : : It's in a file called php.ini, but I strongly advise that you don't turn it on. [b]It's a massive security hole and probably the worst "feature" they ever put in PHP[/b]. The $_GET['var'] method is much safer. :-)
    : :
    : : Jonathan
    : :
    : :
    : : ###
    : : for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
    : : (tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
    : : /(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");
    : :
    : :
    :
    : Jonathan, I Agree With That. But Isn't It You That Argued With Me For A Long Time Saying That Globals = decent and, unless you're very stupid, relatively safe way to access variables.
    :
    : Just Curious,
    : What Made You Change Your Mind?
    :
    Maybe I mis-spoke, maybe you mis-interpreted what I said, maybe it was someone else saying auto globals were good. There was a big debate about this a while back, and my opinion hasn't changed. Either way, to set the record straight on what I think...

    I agree that the $_GET[...], $_POST[...] etc global *arrays* are a good way to access form data. It's similar to the way I do things in my Perl scripts, apart from we have a different syntax for indexed and associative arrays in Perl whereas PHP treats them, on the surface at least, as the same thing. These are safe because user inputted data is stashed away inside a data structure. I think that PHP has other arrays that contain the form and cookie and environment data too. That's fine for the same reasons.

    The thing I don't like is the method where you put:-
    something.php?a=1&b=2
    And then you have $a containing 1 and $b containing 2. This is because an outsider can create variables freely that exist from the start of execution. Thus if you have code like:-

    [code]if (userIsValid($user, $pass) != 0) {
        $authenticated = 1;
    }

    if ($authenticated == 1) {
        ...
    }[/code]

    Now, normally that would be fine because in PHP variables have a default (numerical) value of zero. You can assume that. However, what if a user writes in their browser:-

    something.php?a=1&b=2&authenticated=1

    Then $authenticated is created and set to 1 before execution of the code begins.

    I agree that if you write your code well and you do initialise all variables properly you can safely use the auto globals feature. Trouble is, we're human. And we make mistakes. And at some point in time, we'll forget to initialise the variable. Also PHP is very much a newbie language (not saying it's only for newbie programmers, just that it's the first language learnt by many people these days). You may be a good programmer who would rarely make the mistake, but a lot of new programmers won't even think about things like that. On balance, I think the potential problems are enough to render it as a Bad Thing.

    The other issue on the side I had with it is what happens when you have an item of form data and a cookie with the same name, but that's secondary to my security concerns.

    Hope this clears things up,

    Jonathan

    ###
    for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
    (tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
    /(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");
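
Jonathan's example above, worked through as an added sketch that is not part of the original thread. register_globals was removed in PHP 5.4, so `extract()` stands in for it here; `userIsValid()`, the credentials and the query strings are constructed for illustration.

```php
<?php
// Added example: emulates register_globals (removed in PHP 5.4) with extract().
// userIsValid(), its credentials and the sample requests are constructed.
function userIsValid($user, $pass): int
{
    return (int) (is_string($user) && is_string($pass)
        && $user === 'alice' && hash_equals('s3cret', $pass));
}

// Vulnerable: request parameters become variables before the logic runs,
// which is what register_globals = On did at global scope.
function handleVulnerable(array $query): bool
{
    extract($query);                       // stand-in for register_globals
    if (userIsValid($user ?? '', $pass ?? '') != 0) {
        $authenticated = 1;
    }
    // On the failure path $authenticated was never set by this code,
    // so whatever the request supplied is what gets tested.
    return ($authenticated ?? 0) == 1;
}

// Hardened: input stays inside the array, the flag is initialised before
// use, and each expected parameter is read explicitly and type-checked.
function handleHardened(array $query): bool
{
    $authenticated = false;
    $user = is_string($query['user'] ?? null) ? $query['user'] : '';
    $pass = is_string($query['pass'] ?? null) ? $query['pass'] : '';
    if (userIsValid($user, $pass) !== 0) {
        $authenticated = true;
    }
    return $authenticated;
}

// Constructed query strings, parsed the way PHP fills $_GET.
$requests = [
    'user=alice&pass=s3cret',
    'user=alice&pass=wrong',
    'a=1&b=2&authenticated=1',
];
foreach ($requests as $qs) {
    parse_str($qs, $query);
    printf("%-26s vulnerable=%s hardened=%s\n", $qs,
        var_export(handleVulnerable($query), true),
        var_export(handleHardened($query), true));
}
```

The same pattern is worth grepping for in current code: `extract($_GET)`, `extract($_REQUEST)` or `parse_str()` called without a result array all recreate the behaviour the setting used to provide.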
