Need help fully understanding method="POST" and using it in PHP.

wowstrats

index.php:

<html>

<!--Form for user Input and Experimenting with the "POST" method-->
<form action='login.php' method='POST' />
	Username: <input type='text' name='username' /><br />
	Password: <input type='password' name='password' /><br />
	<input type='submit' value='Log In' />
</form>

<html>

login.php

<?php

//I did this so is not to get a "Notice" error... (although I'm not 100% sure what isset is for.
if ( isset($_POST['$username'])&&isset($_POST['password'])){
	$username = $_POST['$username'];
	$password = $_POST['$password'];
}else{
	//This is what keeps happening... and I want the above to happen.
	$username = "";
	$password = "";
	die("Something went terribly wrong... Contact the admin please.");
}

if($username && $password){

//I should really just make a 'connect.php' and set an include at the top of each page...
//Unless there is an easier way to ::include 'connect.php'; ?
$connect = mysql_connect("localhost","root","") or die("Couldn't connect!");
mysql_select_db("login") or die("Couldn't find database!");
$query = mysql_query("SELECT * FROM users where username='$username'");
$numrows = mysql_num_rows($query);
//As a test to see if the "connect" above worked. I usually ouput a bit of data from the database.
echo $numrows;

}else{
	//If the user didn't input the username or password.
	die("Please enter a Username <b>and</b> Password");
}

?>

I'm not quite sure what if (isset(...) is for but I do know i need it so is not to get an error.

But, my browser keeps echoing
this line: die("Something went terribly wrong... Contact the admin please.");

and I'm not sure exactly what do do anymore.

thanks in advance

nevvermind

There are a lot of resources regarding "POST" global in PHP.

For starters, let's make it plain simple. In HTML, the most improtant part is the name of the input (the "name" attribute):

<form method="post" action="parse.php" 
    <input type="text" name="batman" />
    <input type="text" name="moses" />

<input type="submit" value="Send Data" />
</form>

When clicking the "submit" button, the values from those two inputs will "travel" via POST to the file mentioned in the "action" attribute: parse.php.

PHP has a global variable, POST, which, in this case, will be an associative array (the keys are the names of your inputs, and the values... the values inserted by user. So your "parse.php" has this POST variable after submitting:

$_POST = array(
  'batman' => 'admin',
  'moses' => 'toysrus'
);

echo $_POST['batman']; // outputs: admin

But your code was $POST[$username]. That's not the case here, although it's perfectly valid. The array key isn't the same as a variable name. This is what you should have:

if ( isset($_POST['username']) && isset($_POST['password'])){
	$username = $_POST['username'];
	$password = $_POST['password'];

// compare with yours:
if ( isset($_POST['$username'])&&isset($_POST['password'])){
	$username = $_POST['$username'];
	$password = $_POST['$password'];

POST is just an associative array that gets populated with keys (and values) which represent the name attribute in the HTML form (and their according values). Because you had the same variable name and name attribute, you got a little confused. Get acquainted with this, so that you can move on to security. Don't trust users, just me.

PS: isset()

wowstrats

after a bit of practice ive slowly understood how to work with $_POST and how it works lol it was actually more simple than i thought...

$POST is a variable passed through instances that is more or less in the background
$GET is a variable passed through instances that is visable by the url address?..

idk thats how i see them working anyway..

but now i have come to another problem with my actual code...

A registration Form:
register.php

<?php
	echo "<h1>Register</h1>";
?>

<html>

<form action='reguser.php' method='POST'>

<table>
	<tr>
		<td>
		Username:
		</td>
		<td>
		<input type='text' name='username' />
		</td>
	</tr>
	<tr>
		<td>
		Password:
		</td>
		<td>
		<input type='password' name='password' />
		</td>
	</tr>
	<tr>
		<td>
		Confirm:
		</td>
		<td>
		<input type='password' name='confirm_password' />
		</td>
	</tr>
</table>
<p>
<input type='submit' name='submit' value='Register' />

</form>
</html>

Output for the registration form:
reguser.php

<?php

if(isset($_POST['submit']{
	if(isset($_POST['username']))
	{
		if(isset($_POST['password']))
		{
			if(isset($_POST['confirm_password']))
			{
				if($_POST['password'] == $_POST['confirm_password'])
				{
					echo "Successfully Registered";
				}else{
					echo "Your passwords do not match! <a href=\"register.php\">Back</a>";
				}
			}else{
				echo "You must confirm your password! <a href=\"register.php\">Back</a>";
			}
		}else{
			echo "You must enter a password! <a href=\"register.php\">Back</a>";
		}
	}else{
		echo "You must enter a username! <a href=\"register.php\">Back</a>";
	}
}
?>

now this should output

"Successfully Registered!" as I thought I had it working... but it gives me a parse error on line 4 pointing to reguser.php

i dont know what is incorrect about it... the logic? the syntax? or something im missing? i dont know help would be greatly appreciated!

wowstrats

and is there anyway for me to create a global function for the isset() so i dont have to keep doing that on every page?

bradgrafelman

One quick comment; in your original code snippet above, note that this:

isset($_POST['$username'])

has an erroneous dollar sign in the array index, which is why it wasn't working.

As for your latest code snippet, there really isn't any need to nest the logic so deep like that. For example, this looks a bit cleaner/easier to follow to me:

if(isset($_POST['submit']))
{
    $username = (isset($_POST['username']) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) ? $_POST['password'] : '');
    $conf_password = (isset($_POST['confirm_password']) ? $_POST['confirm_password'] : '');

if($username == '') 
{
    echo "You must enter a username! <a href=\"register.php\">Back</a>";
}
else if($password == '')
{
    echo "You must enter a password! <a href=\"register.php\">Back</a>"; 
} 
else if($conf_password == '')
{
    echo "You must confirm your password! <a href=\"register.php\">Back</a>";
}
else if($password != $conf_password) 
{
    echo "Your passwords do not match! <a href=\"register.php\">Back</a>"; 
} 
else
{ 
    echo "Successfully Registered"; 
}
}

wowstrats wrote:
and is there anyway for me to create a global function for the isset() so i dont have to keep doing that on every page?

Not sure what you mean; you should always test for the existence of an external variable before you use it.