----- Original Message -----
From: "Bobo Wieland" <[EMAIL PROTECTED]>
To: "Sean Malloy" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Sunday, January 12, 2003 2:59 PM
Subject: [PHP-WIN] initialize variables (was: Using the GET Method)


> Please, explain this to me, because I couldn't figure it out by myself...
>
> If register_globals is set to 'off', and because it's good practice, you

It makes it harder for someone to 'hack' your webpage.

> should always initialize your variables?
> So I should write:
>
> $test = $_POST['test']; and then I can use $test as usual...

You don't have to. You can either do that and then use test, or you can just
use $_POST['test'] instead. It does not matter which way.

> But what about local variables then? Variables that shouldn't be passed from
> one page to another?

They won't be parsed... If you don't send it via a session/cookie/form/etc,
it won't be on the next page.

> And is $_POST[] short for $HTTP_POST_VARS[] or is it something else?

$HTTP_POST_VARS[] is the older version of $_POST. It will most likely not
be in any more versions of PHP, hence why you must use $_POST.

> And should you use $_SESSION[] and not session_register()?!?

$_SESSION[] only holds the values of the session variables. If you register
a value using session_register(), it will then be stored in $_SESSION[] .

Complicated bit:
Basically, $_POST/$_GET/etc are just 'arrays'. They are used to store all
the values passed on in a page in a few big stores. It is also much harder
to manually input values into those arrays. e.g.
$_POST["test"] can ONLY have come from a post method, e.g. from a form
submitted to your page.
$test however can come from the url ( http://host/page.php?test=thisvalue),
or from a form, or any other input method. It all comes down to security in
the end.

If you have any further questions, do not hesitate to send them in. The only
stupid question is one which you do not ask!

Stephen
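
Added example, not part of the original thread or any poster's code: it shows why an uninitialised variable is a risk when request parameters become variables automatically, next to the explicit-initialisation form discussed above. register_globals was removed in PHP 5.4, so its effect is simulated with extract(); the handler names, the is_admin parameter and the sample requests are all constructed for illustration.

```php
<?php
// Added example. Handler names, parameters and requests are hypothetical.

// Simulates register_globals = on: every request parameter becomes a
// local variable of the same name before the script's own logic runs.
function handler_with_register_globals(array $get, array $post): string
{
    extract($get);   // URL parameters turned into variables
    extract($post);  // form fields turned into variables
    // $is_admin is never initialised by the script itself, so a value
    // supplied in the URL survives when the password check fails.
    if (check_password($password ?? '')) {
        $is_admin = true;
    }
    return !empty($is_admin) ? 'admin page' : 'denied';
}

// Same logic with register_globals off: variables are initialised
// explicitly and input is read only from the array it must come from.
function handler_with_superglobals(array $get, array $post): string
{
    $is_admin = false;
    $password = isset($post['password']) && is_string($post['password'])
        ? $post['password']
        : '';
    if (check_password($password)) {
        $is_admin = true;
    }
    return $is_admin ? 'admin page' : 'denied';
}

function check_password(string $candidate): bool
{
    // Constructed demo credential; a real application stores only the hash.
    static $hash = null;
    $hash = $hash ?? password_hash('s3cret-demo', PASSWORD_DEFAULT);
    return password_verify($candidate, $hash);
}

// Constructed request: page.php?is_admin=1 plus a form with a wrong password.
$get  = ['is_admin' => '1'];
$post = ['password' => 'wrong'];

echo handler_with_register_globals($get, $post), "\n";
echo handler_with_superglobals($get, $post), "\n";
echo handler_with_superglobals([], ['password' => 's3cret-demo']), "\n";
```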

>
> Sorry for these simple questions, but I would like to do things right... My
> knowledge comes basically just from 'Beginning PHP4 (WROX)' and it seems that
> the book doesn't dig so deep into this matter...
>
> Thanks!
>
>
> .bobo :: www.elstudion.com/bobo
> ----- Original Message -----
> From: "Sean Malloy" <[EMAIL PROTECTED]>
> To: "Wade" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Sunday, January 12, 2003 9:59 AM
> Subject: RE: [PHP-WIN] Using the GET Method
>
>
> > IMO, writing programs that work without register_globals to be enabled, is a
> > good thing.
> >
> > Throughout the book, the code examples will have been created with
> > register_globals on. (The default setting for older PHP
> > installations/versions)
> >
> > Just keep in mind that variables are not auto created for you, so you must
> > initialize them first.
> >
> > $author = $_GET['author'];
> >
> > If you change the form method to POST, then you will have to modify the code
> > to reflect that too.
> >
> > Anyways, explicitly initialising your variables is a good habit to get into.
> > It's more secure.
> >
> > -----Original Message-----
> > From: Dash McElroy [mailto:[EMAIL PROTECTED]]
> > Sent: Sunday, 12 January 2003 3:49 PM
> > To: Wade
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [PHP-WIN] Using the GET Method
> >
> >
> > Ah, You're the latest of the ones to get hit by the register_globals
> > setting. There are two things to do:
> >
> > 1. Change your code to reference the METHOD referenced in the form page
> > GET -> $_GET['varname']
> > POST -> $_POST['varname']
> > COOKIE -> $_COOKIE['varname']
> > SESSION -> $_SESSION['varname']
> > GPC (Get Post Cookie, in that order) -> $_REQUEST['varname']
> >
> > See php.net/register_globals for this.
> >
> > 2. Change your php.ini settings from:
> >   register_globals = off
> > to
> >   register_globals = on
> >
> > then restart your server.
> >
> > Now, I just have to ask myself why I don't have a canned message for
> > this...
> >
> > -Dash
> >
> > Know thyself.  If you need help, call the C.I.A.
> >
> > On Sat, 11 Jan 2003, Wade wrote:
> >
> > > 01112003 2132 CST
> > >
> > > I'm working on learning PHP4 by reading Beginning PHP 4, Wrox Press.
> > > Chapter 3, page 76.
> > > I'm working with a form field sending data via the GET method.
> > > On the first page, you fill in a text field and hit send.
> > > That data is sent via the URL.
> > > I can see it in the URL, on the next page.
> > > The page will not show the data in the variable spot.
> > >
> > > The Code:
> > >
> > > Page One
> > > <html><head><title></title></head>
> > > <body>
> > > <form method=get action="text.php">
> > > Who is your favorite author?
> > > <input name="author" type="text">
> > > <br>
> > > <input type=submit>
> > > </form>
> > > </body></html>
> > >
> > > Page Two - text.php
> > > <html><head><title></title></head>
> > > <body>
> > > Your favorite author is:
> > > <?php
> > > echo $author;
> > > ?>
> > > </body></html>
> > >
> > > Now, I know PHP is case sensitive and I have been sure to check the
> > > $variable in the code. I have worked through some other pages in this
> > > book and I downloaded the documentation from the wrox website. Their
> > > code is exactly as the book and my own.
> > >
> > > I'm stumped. Anybody read this book? Can anybody see something wrong?
> > >
> > > Wade
> > >
> > >
> > > --
> > > PHP Windows Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php