View Full Version : PHP problem while handling HTTP data from the user



codeexploiter
06-29-2006, 05:32 AM
Hello All,

The code snippet below seems to be very simple

**************Code Snippet Starts from here*********************

<?php
if($submit == "Go")
{
    echo("You wrote ". $you_wrote);
    echo("<br> You could have done whatever you want with the input instead");
    exit;
}
else
{
    echo("Nothing happend<br>");
}

?>
<form action="input.php" method="POST" name="f1">
Input a word <input type="text" size="20" name="you_wrote">
<input type="submit" name="submit" value="Go">
</form>

**************Code Snippet Ends here**************************

Whenever I enter something into the textbox and press 'Go' button it prints "Nothing Happend" and the form that contains a Textbox and a Go button.

According to some PHP books the above code should work. I am trying to handle the data from the user without using $_POST and $_GET php system based arrays.

Any help would be appreciated

Regards

Code Exploiter

djr33
06-29-2006, 06:51 AM
Note that the [code] tag on this board will allow you to post code. (actually, [php] will do better for php)



The page the action points to, input.php is the current page, the one the code above is from, correct?


Using the "register_globals" setting, submitted elements from a form will be automatically set, like from name="blah" to $blah.
However, if that is not set, which I am guessing is the case in your script, that will not happen.
Instead, the value of that will be available through $_POST['name'].

Either replace the above variables with post variables like that, or set the variables at the top, like:
$name = $_POST['name'];

Twey
06-29-2006, 03:29 PM
"I am trying to handle the data from the user without using $_POST and $_GET php system based arrays."

Why on Earth would you want to do that? $_POST and $_GET are much easier to handle, and far more portable and secure than using register_globals (the configuration setting on which you're relying in the above code). A similar effect can be achieved by adding:

foreach($_POST as $k => $v) {
    $$k = $v;
    global $$k;
}

... to the top of the page, but as mentioned, it's not a good idea, since in some situations a malicious user could use it to override important variables in the script that you trust.

djr33
06-29-2006, 05:14 PM
Hmm... yeah. It may seem like it's a lot more work to use the GET/POST variables, but it really isn't and gives you control over what's going on, plus it makes more sense as you get used to using them... so... I'd stick with them.
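
The variable-override risk raised in this thread, next to explicit $_POST handling, as an added example that is not code from any of the posters. The $is_admin flag, the field() helper and the sample request are constructed for illustration; the output encoding step is an addition the thread does not discuss.

```php
<?php
// Constructed sample request (not from the thread): the two fields the form
// defines, plus one extra field that the form never sends.
$_POST = ['submit' => 'Go', 'you_wrote' => '<b>hello</b>', 'is_admin' => '1'];

// Copies every POST key into a variable, like the foreach loop quoted in the
// thread (and like register_globals). $is_admin is a hypothetical trusted flag.
function import_all(array $post): bool
{
    $is_admin = false;                  // value the script sets and trusts
    foreach ($post as $k => $v) {
        $$k = $v;                       // a field named "is_admin" replaces it
    }
    return (bool) $is_admin;
}

// Hypothetical helper: return one named field as a string, or '' when the
// field is missing or was sent as an array (e.g. you_wrote[]=x).
function field(array $post, string $name): string
{
    return isset($post[$name]) && is_string($post[$name]) ? $post[$name] : '';
}

// Reads only the fields the form defines; any other key is never looked at.
function read_form(array $post): array
{
    $is_admin = false;                  // stays under the script's control
    return [
        'submit'    => field($post, 'submit'),
        'you_wrote' => field($post, 'you_wrote'),
        'is_admin'  => $is_admin,
    ];
}

echo 'import_all: is_admin = ', var_export(import_all($_POST), true), "\n";

$form = read_form($_POST);
echo 'read_form:  is_admin = ', var_export($form['is_admin'], true), "\n";

if ($form['submit'] === 'Go') {
    // Encode user input before echoing it into an HTML page.
    echo 'You wrote ', htmlspecialchars($form['you_wrote'], ENT_QUOTES, 'UTF-8'), "\n";
} else {
    echo "Nothing happened\n";
}
```

Saved to a file and run with the php command line binary, the script shows the flag changing under the import loop and staying false when only named fields are read.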