NYCPHP Meetup

[nycphp-talk] Question regarding $HTTP_POST_VARS

Larry Chuon LarryC at indexstock.com
Tue Jun 11 10:21:49 EDT 2002


Thanks you and Ken for your quick response.  I leave register_globals = off
for now.  I think the add'l effort worth the security.

-----Original Message-----
From: delta [mailto:delta at rochester.rr.com]
Sent: Tuesday, June 11, 2002 10:13 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Question regarding $HTTP_POST_VARS


This can be fixed in the PHP.ini file
with:

register_globals = on

It is more secure to leave this off though,
and use code like this:

$first = $HTTP_POST_VARS['first'];

As mentioned by Ken Wu, that works fine.

----- Original Message -----
From: "Larry Chuon" <LarryC at indexstock.com>
To: "NYPHP Talk" <talk at nyphp.org>
Sent: Monday, June 10, 2002 5:19 PM
Subject: [nycphp-talk] Question


> <paralist>This message contained 1 file(s) and is available at
http://nyphp.org/list/paralist_archive.html?L_mid=364</paralist>
>
> I'm working on a sample code and have some questions.  My php and html
files
> are below.  I'm running on IIS and MySQL.  This code gives me the
following
> error:
>
>
> Notice: Undefined variable: first in d:\\example\\datain.php on line 5
>
> Notice: Undefined variable: last in d:\\example\\datain.php on line 5
>
> Notice: Undefined variable: nickname in d:\\example\\datain.php on line 5
>
> Notice: Undefined variable: email in d:\\example\\datain.php on line 5
>
> Notice: Undefined variable: salary in d:\\example\\datain.php on line 5
> Thank you! Information entered.
>
> If I add the following lines prior to the insert statement, it works fine.
> $first = $HTTP_POST_VARS['first'];
>
> $last = $HTTP_POST_VARS['last'];
>
> $nickname = $HTTP_POST_VARS['nickname'];
>
> $email = $HTTP_POST_VARS['email'];
>
> $salary = $HTTP_POST_VARS['salary'];
>
> Why do I need $HTTP_POST_VARS???? Thanks in advance.
>
> --------------------
>
> datain.php
> <html>
>
> <?php
>
> $db = mysql_connect("172.21.6.25","root","123456");
>
> mysql_select_db("learndb",$db);
>
> $sql="insert into personnel (firstname, lastname, nick, email, salary)
> VALUES ('$first','$last','$nickname','$email','$salary')";
>
> $result = mysql_query($sql);
>
> echo "Thank you! Information entered.\
";
>
> ?>
>
> </html>
>
>
> datain.html
> <html>
>
> <body>
>
> <form action="datain.php" method="post">
>
> First name:<input type="text" name="first"><br>
>
> Last name:<input type="text" name="last"><br>
>
> Nick name:<input type="text" name="nickname"><br>
>
> E-mail:<input type="text" name="email"><br>
>
> Salary:<input type="text" name="salary"><br>
>
> <input type="Submit" name="submit" value="Enter information">
>
> </form>
>
> </body>
>
> </html>
>
>
>
>




More information about the talk mailing list