Form processing help - simple question

[borris83]

Hi I am an absolute beginner in PHP and I need a small clarification.

I watched two video tutorials, both of them are good but what they varies.


Say I have this simple html form:

<form action = "1.php" method = "post">
Name: <input type ="hidden" name = "posted" value = "true">
<input type = "text" name = "shan">
<input type = "submit" value = "submit">


1 tutorial says that output for name will be received as the value of variable $_POST('shan')

The other tutorial says that it will automatically assigned to the variable $shan in the processing page.


I tested both:

<?php

// some training videos say that this will work but it doesn't

if(isset($posted))
{
echo $shan;
}


// This certainly works

if (isset ($_POST['posted']))
{ echo $_POST['shan'];}

?>


You see that I have commented, that the first 'if' statement doesn't output anything but the second one does. Why doesn't the first own work... (In the video tutorial the tutor was actually showing an example and it worked for him)

Probably, does this work only for older versions?

[bluewalrus]

He/She would have had to have put this in somewhere else

$posted = $_POST ['posted'];
$shan = $_POST['shan'];

The $_POST[''] grabs the input name and puts it into the other variable with this code.

[borris83]

I found the reason.. The tutor should have been using a version of php earlier than 4.2.

Source: http://in.php.net/manual/en/language...predefined.php

There is a warning on this page which says:

In PHP 4.2.0 and later, the default value for the PHP directive register_globals is off. This is a major change in PHP. Having register_globals off affects the set of predefined variables available in the global scope. For example, to get DOCUMENT_ROOT you'll use $_SERVER['DOCUMENT_ROOT'] instead of $DOCUMENT_ROOT, or $_GET['id'] from the URL http://www.example.com/test.php?id=3 instead of $id, or $_ENV['HOME'] instead of $HOME.

[JasonDFR]

EDIT: I was slowly writing this post, making coffee, and talking on the phone while you made that last post Borris. Anyway, now you know.

I found the reason.. The tutor should have been using a version of php earlier than 4.2.

Or has set register_globals to "On"

END EDIT

PHP Code:

<?php

// some training videos say that this will work but it doesn't

if(isset($posted))
{
    echo $shan;
}

Short answer:

This doesn't work. Do not do it this way.

Long answer:

The above is something called register_globals . Since PHP 4.2 it is set to Off by default. The above will work if register_globals is set to "On." You should not use this method and in most cases you cannot use this method without changing the settings of your PHP configuration. Also, register_globals will not even exist in PHP 6.

Always access your form variables by using $_POST['var'] and make sure to validate the value before using it.

So the videos you watched that use the above method are either really old or made by people who haven't given much thought to the current state of PHP or security. It's probably the former.

I always try to find a date when looking for stuff like this. If there is a date and it is before 2006, there is a good chance the information is outdated.

[Ahmed Saleh]

Hello , borris83

i want to tell you a small information .

on this simple form :

PHP Code:

<form action = "1.php" method = "post">
Name: <input type ="hidden" name = "posted" value = "true">
<input type = "text" name = "shan">
<input type = "submit" value = "submit"> 


you can recieve the results with 2 methods .

the first one :

$shan = $_POST[shan] ;

OR

you have to write this function at first of the php page :

PHP Code:

<?php

extract ($_POST);
// now you can use this variable directly 
echo $shan ;

?>

[JasonDFR]

http://www.php.net/manual/en/function.extract.php :

Warning

Do not use extract() on untrusted data, like user-input ($_GET, ...). If you do, for example, if you want to run old code that relies on register_globals temporarily, make sure you use one of the non-overwriting extract_type values such as EXTR_SKIP and be aware that you should extract in the same order that's defined in variables_order within the php.ini.