Nope, you're slightly wrong! when you access a page: index.php?i=3
you would code: $i = $_GET['i']; :) POST is for when you are POSTING to a page from a form. GET, is when you are getting a page via the web browser. Geddit? :) -----Original Message----- From: Bobo Wieland [mailto:[EMAIL PROTECTED]] Sent: Monday, 13 January 2003 8:22 PM To: Stephen Edmonds Cc: PHP Windows Helplist Subject: Re: [PHP-WIN] initialize variables (was: Using the GET Method) Just wanted to say thanks to those of you who've helped me on this one! =) Thanks... One more question to clarify one thing, though: if someone is calling 'index.php' like this: 'index.php?i=10' and on that page I have: while ($i <= 10) { do something; $i++; } that piece of code wouldn't be executed. But if I used $i = $_POST['i']; it would work. But then again the 'hacker' could write a form for himself and send $i via post... So the smartest(?) thing would be to just write: $i = 0; while ($i <= 10) { do something; $i++; } Thanks for helping me! And about books being outdated; I still learn the basics better from books. When I've then learnt the basics it's easier to catch-up, reading on-line and asking people like you... But for me books is the way to go when I'm learning... .bobo www.elstudion.com/bobo/ www.elstudion.com ----- Original Message ----- From: "Stephen Edmonds" <[EMAIL PROTECTED]> To: "Bobo Wieland" <[EMAIL PROTECTED]> Cc: "PHP Windows Helplist" <[EMAIL PROTECTED]> Sent: Sunday, January 12, 2003 4:15 PM Subject: Re: [PHP-WIN] initialize variables (was: Using the GET Method) > > ----- Original Message ----- > From: "Bobo Wieland" <[EMAIL PROTECTED]> > To: "Sean Malloy" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Sunday, January 12, 2003 2:59 PM > Subject: [PHP-WIN] initialize variables (was: Using the GET Method) > > > > Please, explain this to me, because I couldn't figure it out by myself... > > > > If register_globals is set to 'off', and because it's good practice, you > > It makes it harder for someone to 'hack' your webpage. > > > should allways initzialize your variables? > > So I should write: > > > > $test = $_POST['test']; and then I can use $test as usuall... > > You don't have to. You can either do that and then use test, or you can just > use $_POST['test'] instead. It does not matter which way. > > > But what about local variables then? Variables that shouldn't be past from > one page to > > another? > > They won't be parsed... If you don't send it via a session/cookie/form/etc, > it won't be on the next page > > > And is $_POST[] short for $HTTP_POST_VARS[] or is it something else? > > $HTTP_POST_VARS[] is the older version of $_POST. It will most likely not > be in any more versions of php, hence why you must use $_POST > > > And should you use $_SESSION[] and not session_register()?!? > > $_SESSION[] only holds the values of the session variables. If you register > a value using session_register(), it will then be stored in $_SESSION[] . > > Complicated bit: > Basically, $_POST/$_GET/etc are just 'arrays'. They are used to store all > the values passed on in a page in a few big stores. It is also much harder > to manually input values into those arrays. e.g. > $_POST["test"] can ONLY have come from a post method, e.g. from a form > submited to your page. > $test however can come from the url ( http://host/page.php?test=thisvalue), > or from a form, or any other input method. It all comes down to security in > the end. > > If you have any further questions, do not hesitate to send it in. The only > stupid question is one which you do not ask! > > Stephen > > > > > Sorry for these simple questions, but I would like to do things right... > My > > knowledge comes basicly just from 'Beginning PHP4 (WROX)' and it seems > that > > the book doesn't dig so deep into this matter... > > > > Thanks! > > > > > > .bobo :: www.elstudion.com/bobo > > ----- Original Message ----- > > From: "Sean Malloy" <[EMAIL PROTECTED]> > > To: "Wade" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > Sent: Sunday, January 12, 2003 9:59 AM > > Subject: RE: [PHP-WIN] Using the GET Method > > > > > > > IMO, writing programs that work without register_globals to be enabled, > is > > a > > > good thing. > > > > > > Throughout the book, the code examples will have been created with > > > register_globals on. (The default setting for older PHP > > > installations/versions) > > > > > > just keep in mind that variables are not auto created for you, so you > must > > > initialize them first. > > > > > > $author = $_GET['author']; > > > > > > if you change the form method to POST, then you will have to modify the > > code > > > to reflect that too. > > > > > > Anyways, explicitly initialising your variables is a good habit to get > > into. > > > Its more secure. > > > > > > -----Original Message----- > > > From: Dash McElroy [mailto:[EMAIL PROTECTED]] > > > Sent: Sunday, 12 January 2003 3:49 PM > > > To: Wade > > > Cc: [EMAIL PROTECTED] > > > Subject: Re: [PHP-WIN] Using the GET Method > > > > > > > > > Ah, You're the latest of the ones to get hit by the register_globals > > > setting. There are two things to do: > > > > > > 1. Change your code to reference the METHOD referenced in the form page > > > GET -> $_GET['varname'] > > > POST -> $_POST['varname'] > > > COOKIE -> $_COOKIE['varname'] > > > SESSION -> $_SESSION['varname'] > > > GPC (Get Post Cookie, in that order) -> $_REQUEST['varname'] > > > > > > See php.net/register_globals for this. > > > > > > 2. Change your php.ini settings from: > > > register_globals = off > > > to > > > register_globals = on > > > > > > then restart your server. > > > > > > Now, I just have to ask myself why I don't have a canned message for > > > this... > > > > > > -Dash > > > > > > Know thyself. If you need help, call the C.I.A. > > > > > > On Sat, 11 Jan 2003, Wade wrote: > > > > > > > 01112003 2132 CST > > > > > > > > Im working on learning PHP4 by reading Beginning PHP 4, Wrox Press. > > > > Chapter 3, page 76. > > > > Im working with a form field sending data via the GET method. > > > > On the first page, you fill in a text field and hit send. > > > > That data is sent via the URL. > > > > I can see it in the URL, on the next page. > > > > The page will not show the data in the variable spot. > > > > > > > > The Code: > > > > > > > > Page One > > > > <html><head><title></title></head> > > > > <body> > > > > <form method=get action="text.php> > > > > Who is your favorite author? > > > > <input name="author" type="text"> > > > > <br> > > > > <input type=submit> > > > > </form> > > > > </body></html> > > > > > > > > Page Two - text.php > > > > <html><head><title></title></head> > > > > <body> > > > > Your favorite author is: > > > > <?php > > > > echo $author; > > > > ?> > > > > </body></html> > > > > > > > > Now, I know PHP is case sensitive and I have been sure to check the > > > > $variable in the code. I have worked through some other pages in this > > > > book and I downloaded the documentation from the wrox website. Their > > > > code is exactly as the book and my own. > > > > > > > > Im stumbed. Anybody read this book? Can anybody see something wrong? > > > > > > > > Wade > > > > > > > > > > > > -- > > > > PHP Windows Mailing List (http://www.php.net/) > > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > > > > > > > -- > > > PHP Windows Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > -- > > > PHP Windows Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > > -- > > PHP Windows Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
