hello,

I am using the examples in the book:
PHP: Your Visual Blueprint For Creating Open Source, Server Side Content

In the section where they talk about getting values from a form
submission, the book says:

"PHP makes it easy to process data from a form. When a PHP
page receives form information, the page automatically converts
the names of form elements to PHP variables, and assigns
the data entered in the elements to the variables"

So I try to display what was submitted, but I get an undefined
variable error.

For example,

<? php
print "the ID you entered was: ";
print $userid;
?>

This returns an error. But, if I use the following it works:

<? php
print "the ID you entered was: ";
print $HTTP_POST_VARS['userid'];
?>

Can someone explain this?

One more example:

I'm trying to simply display a session ID (using the example in the book):

<?php
session_start();
?>

<html>
<head>
<title>PHP Session Test</title>
</head>
<body>

<?php
print "The session ID is: ";
print $PHPSESSID;
?>

</body>
</html>

When I access this page I get:

The session ID is:
Notice: Undefined variable: PHPSESSID in c:\inetpub\wwwroot\sessiontest.php
on line 13

Why do I get this error? This is the exact example from the book.

Thanks for your help.

    Your book's examples are 100% correct... if you're using an older version of PHP. Current versions come with register_globals = OFF, which explains one of your problems.

    Check out this link for details:
    http://www.php.net/manual/en/security.globals.php

    And get a new book. Probably anything after 2002--make it 2003 or later to be safe.

      All POST name/value pairs are passed in the Header to a page that is called using the POST method.

      In PHP they are contained in the $HTTP_POST_VARS[] array.

      If in u r form have set the method to POST, then the only way to retrieve the values is by using $HTTP_POST_VARS.

      On the otherhand if you go to php.ini and change the value of register_globals to On, then you will be able to get the value of userid simply by using "print $userid"

      It is not recommended that you turn on register_globals though.

      For your next question .... to print the session id use the function session_id() as

      print session_id();

      Hope this helps :-)

        Shamly, you said that it is not recommended to use global on. Why not? What could happen if you have it on.

        And second question, why has the variable calling synthax changed in version 5? ($HTTP_POST_VARS to $_POST,...) Just to make it shorter? The use is identical, right?

        (from planetsim's sticky)
        echo $name; //THIS WON'T WORK!
        echo $_POST['FName']; //This returns the value entered in Script One

        OR PHP <5
        echo $HTTP_POST_VARS['FName']; //Does this work?

          One interesting feature of PHP that can be used to enhance security is configuring PHP with the "register_globals" directive set to "Off". When set to "on", register_globals will inject your scripts will all sorts of variables, like request variables from HTML forms.

          This coupled with the fact that PHP doesn't require variable initialization means writing insecure code is that much easier.

          Also it is difficult to differentiate between a post variable and a get variable. This will be a headache when trying to modify the code as u tend to loose track of the code after some time.

          $HTTP_POST_VARS was used in the older versions of PHP. php 4.3 supports both $_POST & $HTTP_POST_VARS methods and i have used both quite frequently.

          $HTTP_POST_VARS['FName'] will work for php < 5
          By the way echo $name should be echo $fname :-), and it will work if you have register globals on.

            thanks for the replies. i just bought a new book that covers PHP5.

              Write a Reply...