In my html file, I have a form:
<form method = "post" action="database.php">
<p>First Name: <input type="text" name="first" />
<p>Last Name: <input type="text" name="last" />
<p>Username: <input type="text" name="username" />
<p>Password: <input type="password" name="pass" />
<p>URL: <input type="text" name="address" />
<p><input type = "submit" value = "Submit" />
</form>

...and then in my database.php file,
$query = "insert into user values('".$first."','".$last."','".$username."','".$pass."','".$address."')";
OR
$query = "insert into user values ('$first','$last','$username','$pass','$address')"

when i use either of these 2 queries, my table gets updated with blank values. if i hardcode a value into one of the variables like $first="Bill" then that gets added into the database. So for some reason the form in the html document seems to be posting blank values to the php file. Any ideas why this would be happening ?

    Probably because register_globals are turned off, so you need to use $POST{'first'} , $POST['last'] et cetera. You are using old code that depends on them being turned on. They have been turned off by default since PHP 4.2.0 to see if they are turned on or off do a phpinfo() or if you know what version PHP you are running this would explain it.

      ive tried that too...doesnt work..
      $first=$POST['first'];
      $last="Coder";
      $username=$      POST["username"];
      $pass = $POST["pass"];
      $address = $      POST{'address'};
      i tried all these just to make sure if there was something wrong with the syntax....but only the value in $last was written into the database...all the other fields remained empty
      im currently running php 4.0.6 .....could that be the reason ?? im new to php and downloaded the phpdev package as i was having difficulties setting up the latest versions of php, mysql and apache on my own...everything else works fine except for the variable coming from the form
      thanks

        echo out your $_POST variables at the top of the script send error messages on connect and select database e.g.

        $connect=mysql_connect('localhost','root','fakepass')
	or die("Could not connect to server ".mysql_error());
$db=mysql_select_db("test",$connect)
	or die("Could not select database".mysql_error());

        at least until you can see what is going on. also echo your query to see what is actually being seen by MySQL like

        $query = "insert into user values ('$first','$last','$username','$pass','$address')"//for less typing and less possibility of error
echo $query;

          This is what i get when i echo the query:
          insert into user values('','Coder','','','') // -->'Coder' was hardcoded within the php file

          It doesnt give any other errors as it connects and updates the database successfully (although with blank values)

          Echoing the variables gives nothing...which would mean the values are not being sent from the form to the php file ?

            Are you using $_POST['first'] etc. or are you using $first, oneis right depending on register globals being off or on or possibly register_long_arrays being off or on.

              yes im using $_POST['first'] etc...i tried it both ways....makes no difference

                And whe you echo the variables right off the bat they are also empty prior to the database operations no matter whether you use $first or $_POST['first']?

                  There is one other thing since these do not seem to want to co operate for the fun try
                  $HTTP_POST_VARS['first'] and so on because something is really not adding up, and just for even more fun try $_REQUEST['first'] and if that doesn;t work I am at a loss altogether.

                    WOOOOHOOOOOOOO!!
                    $HTTP_POST_VARS['first']; worked !!

                    thanks a lot mate !!

                    btw, would you know why i was required to use $http_post_vars instead of $_post ?

                      Check your register_globals and register_long_arrays in your phpinfo(), also check your version of PHP I use register_globals off and register_long_arrays_on I think with them on I can use either $POST or $HTTP_POST_VARS but have never even tried but now I will cause you have me scratching my knotty head trying to figuure it myself. $REQUEST or $HTTP_REQUEST_VARS shoudlhold all post get and cookie variables.

                        its still like my 2nd day working with php so i dont know much about it...when i phpinfo() it shows register_globals as off....but in my php configuration file, register_globals=on
                        i dont know how it works....but would I have portability issues if my codes have $http_post_vars instead of $_post ?

                          Apparently the php.ini you are looking at is not the "active" php.ini file php comes with two of them one very restrictive with almost nothing enabled called php.ini-dist and another called php.ini-recommended these are in the php folder and you would take one of the two and use them renamed as php.ini in whatever place that your server knows where they are. So you probably have another php.ini (not the one that you are looking at) or PHP has its own default that it will use if it can't find the file. You might need to look over your install and move a php.ini where the webserver knows where it is.

                            what you're saying makes sense as my WINDOWS folder had a php.ini where the global_vars were turned off...and i was looking at the php.ini in the php folder where the global_vars shown as being on....i replaced the file in the WINDOWS folder with the other one and tried running the script without the $HTTP_POST_VARS and it works !
                            Thanks !!

                              What is the best practice though ? using $_POST or $HTTP_POST_VARS or neither ??

                                Another one...how do these variables work with page redirection ?

                                // this page has $uername & $password
                                if (mysql_num_rows($result) == 1) {
                                $url="valid.php";
                                } else {
                                $url="invalid.php";
                                }
                                mysql_close( $database );
                                echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';

                                the variables present on this page are not sent over to the redirected pages. any ideas how i could use the $username on valid.php ?
                                thanks

                                  alsinha wrote:

                                  Another one...how do these variables work with page redirection ?

                                  // this page has $uername & $password
                                  if (mysql_num_rows($result) == 1) {
                                  $url="valid.php";
                                  } else {
                                  $url="invalid.php";
                                  }
                                  mysql_close( $database );
                                  echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';

                                  the variables present on this page are not sent over to the redirected pages. any ideas how i could use the $username on valid.php ?
                                  thanks

                                  nevermind
                                  i got it to work with $url = "valid.php?login=$username"
                                  and then had to use $HTTP_GET_VARS in the other file.....ince again $_GET didnt work though...
                                  im kinda confused..but its working 🙂

                                    Now you can use the $_POST instead of $HTTP_POST_VARS. Also now you know which file to edit if you want to make changes to your PHPs behavior. If there is no output on the page you can use the header() function e.g.

                                    <?php
//some code that processes a form and put stuff into database 
//then when processing is complete send them to another page with a header() as below
header("Location: valid.php?login=$username");
exit;
?>

                                      the page does have some content on it...so im using the $url="valid.php?login=$username"; and then i sed $_GET but it didnt work...$HTTP_GET_VARS works fine though
                                      would there be an alternative ? something more secure ? anyway i could POST the variable while redirecting from one php page to another ?
                                      thanks

                                        Write a Reply...