Can't pass variables with POST using a form???

anthony522

Not sure what exactly happened here but when I'm trying to pass variables from a form using "POST" I'm not able to see them. I made two very simple pages one that would take my data and another that would parse it and still have had no luck.

I'm wondering if maybe there is a PHP setting gone a rye? I recently upgraded to Mac OS 10.3 and it seemed my problems started then so maybe my installation got messed up in Apache after the upgrade (the form was working before)

Any help would be appreciated. If I'm not giving enough information, just let me know.

LordShryku

Most likely, you have register_globals turned off. Check your php.ini file.

If you access your form variables like $var instead of $_POST['var'], then register_globals should be on.

Though, you should try to code as if that was shut off

anthony522

Originally posted by LordShryku
Most likely, you have register_globals turned off. Check your php.ini file.

If you access your form variables like $var instead of $_POST['var'], then register_globals should be on.

Though, you should try to code as if that was shut off

Thanks I'll take a look....though on not sure where to find php.ini (I'm on Mac OS 10.3).

I'm guess you wouldn't want them turned on for security reasons?

Also here is my code now:

<html><head>
<title>Parser</title>
</head>
<body>
<?php   

print "Welcome <b>$user</b><p>\n\n";  

print "Your address is:<p>\n\n<b>$address</b><p>\n\n"; ?>
</body>
</html>

How would I go about converting that?

LordShryku

exactly. Say you had an admin check on one of your sites, though if you did it this way, register_globals isn't going to save you, but lets say in a session you have

admin=1 for admins
and admin=0 for users

Then at the top of your pages, you check for admins by going

if($admin == 1) {
   // do admin stuff
}

So, somone could potentially access your page like this
http://page.php?admin=1

And suddenly...they're admins!

But like I said, that's just bad coding anyway

anthony522

Originally posted by LordShryku
http://page.php?admin=1

And suddenly...they're admins!

But like I said, that's just bad coding anyway

But doesn't "POST" pass things through the server and not the URL?

Also, do you see why this would give me an error:

<html><head>
<title>Parser</title>
</head>
<body>
<?php   

print "Welcome <b>$_POST['user']</b><p>\n\n";  

print "Your address is:<p>\n\n<b>$_POST['address']</b><p>\n\n";
?>
</body>
</html>

Here's my error:

Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in

LordShryku

Well register_globals makes everything global(hence the name). So regardless if it's post, get, session, cookie, etc., it will become global. See the security problem?

Now your code. The $_POST array is a super global, so it must be removed from the string, like so

<html>
<head> 
<title>Parser</title> 
</head> 
<body> 
<?php    

print "Welcome <b>".$_POST['user']."</b><p>\n\n";   

print "Your address is:<p>\n\n<b>".$_POST['address']."</b><p>\n\n"; 
?> 
</body> 
</html>

anthony522

Awesome thank you very much.