Welcome to the MacNN Forums.

shadybirdstan · Oct 31, 2003, 02:19 PM

I'm having a pretty weird problem here and I am pretty sure its due to my upgrade to Panther. While I'm loving Panther this one problem is definitely giving me a big headache.

I was trying to pass some variables to MySQL using a form, pretty basic stuff. The pages were working before Panther (I'm almost positive but I did make some changes before the upgrade) but now it doesn't seem to work. When I did upgrade to Panther, I had to turn on PHP again and I'm wondering if maybe this is a newer version and I missed something else to make the passing of variables using POST possible?

I did create a couple basic pages for testing to see if I was losing my mind or what. Here is the form page:
[php]
<html>
<head>
<title>Basic Form</title>
</head>
<body>
<form action="parse.php" method="POST">
<input type="text" name="user">
<br>
<textarea name="address" rows="5" cols="40">
</textarea> <br>
<br>
<input type="submit" value="hit it!">
</form>
</body>
</html>
[/php]
And here is the "parse" page, that should just show the variables:
[php]
<html>
<head>
<title>Parser</title>
</head>
<body>
<?php
print "Welcome <b>$user</b><p>\n\n";
print "Your address is:<p>\n\n<b>$address</b><p>\n\n"; ?>
</body>
</html>
[/php]

madmacgames · Oct 31, 2003, 03:40 PM

to use the variables like $user and $address, I think you have to enable register globals, either in php.ini or by allowing overrides from .htaccess in httpd.conf and adding the line `php_value register_globals "On"` to a .htaccess file where this script resides...

Short of that, just use the variables as they are meant to be used:
$_POST['user'] and $_POST['address'] (or use $HTTP_POST_VARS in place of $_POST if the short form will not work for some reason).

Simon Mundy · Nov 6, 2003, 04:06 PM

...or if you're in a hurry, add:

extract($_POST);

which will let you use your original code, as this gives you the same result as Register Globals.

It's nothing to do with Panther - it's PHP upgrading its security so that variables have to be explicitly set. It also forces you to write more considered code!

macgyvr64 · Nov 8, 2003, 12:47 AM

I usually just grab the variables from the POST like this:

$newVarName=$_POST['passedVarName'];

darcybaston · Dec 21, 2003, 11:40 AM

With your help I'm now able to pass variables from a form submission, but I can't just fill out the variables on my own from the url

If a form field contains name=darcy and action='script.php' method=post

and script.php has the code $name=$_POST['name']; and I can reference it that way no problem

why can't I do in the url bar of my browser:

http://www.domain.org/script.php?name=darcy

I did a search on my hd and I can't find php.ini . I used "sudo find / -name "php.ini" "

macgyvr64 · Dec 21, 2003, 03:15 PM

Originally posted by darcybaston:
why can't I do in the url bar of my browser:

http://www.domain.org/script.php?name=darcy

I did a search on my hd and I can't find php.ini . I used "sudo find / -name "php.ini" "

for that, you need to use method=GET in your form. Get uses the ?var=stuff method, and Post is not shown in the browser address bar.

darcybaston · Dec 21, 2003, 03:26 PM

Actually, for address bar applications you have to use $_REQUEST. At least that's what I learned in another MacNN post and fixed my problems.

I now use this: extract($_REQUEST);

macgyvr64 · Dec 21, 2003, 03:34 PM

Hmm, I've seen that, too. I wonder what the difference is between GET and REQUEST...

darcybaston · Dec 21, 2003, 04:20 PM

GET means get things from the url, while POST means get things from the HTTP header. ( I think)

si_lance · 05:53 PM

Originally posted by darcybaston:
Actually, for address bar applications you have to use $_REQUEST. At least that's what I learned in another MacNN post and fixed my problems.

I now use this: extract($_REQUEST);

just FYI,
$_REQUEST gets all variables from GET, POST, and COOKIE so it's probably the best one to use (at least the simplest).

Also,
If you want to go back to just making your original script work turn register_globals back to "on", but it is a security risk as people can override your variables using a well-formed url like yourpage.php?logon=true, and if your php page is looking for $logon then they are in. Also, a reason not to use extract($_REQUEST).

If you're interested, I found the area on php.net that describes this:
http://us4.php.net/manual/en/securit...terglobals.php

Simon Mundy · Dec 22, 2003, 01:30 AM

Originally posted by si_lance:
just FYI,
$_REQUEST gets all variables from GET, POST, and COOKIE so it's probably the best one to use (at least the simplest).

Also,
If you want to go back to just making your original script work turn register_globals back to "on", but it is a security risk as people can override your variables using a well-formed url like yourpage.php?logon=true, and if your php page is looking for $logon then they are in. Also, a reason not to use extract($_REQUEST).

Not strictly true, unless the order of Request variables is changes - GET is used first (by default), then POST, so POST variables will override in most cases.

york28 · Dec 22, 2003, 10:15 AM

The confusion is due to the fact that you didn't have to do anything to use POST/GET variables before- they were made available automatically. This was seen as a potential security flaw (which it could be), so this feature (called resigter_globals) was disabled in version 4.2.

You can override the setting, but it's just as easy to follow the advice of madmacgames.

Most of the PHP tutorials online haven't been updated to reflect this change, though, so I'm guessing a lot of people (including myself at one point) get really confused as to why they can't use their variables.

(eidt: whoops, somebody already said this. oh well.)