Hi,
I've just started learning php and I'm having a problem.
I'm following a tutorial for creating a guestbook with a mysql backend -
everything is set up correctly.
Here's the relevant code for the page where the user types in their name and
location (sign.php)
<h2>Sign my guestbook</h2>
<form action="create_entry.php">
<b>Name:</b>
<input type="text" size=40 name=name>
<br>
<b>Location:</b>
<input type="text" size=40 name=location>
What I want is the values stored in name and location to be entered into the
database.
In create_entry.php I have this code:
$query = "INSERT INTO guestbook VALUES ('$name', '$location')" ;
Now for some reason the variables name and location are not entered in the
database, instead blank fields are entered. When I replace the variable
names with absolute values the database is updated correctly to show those
values so I know the query works. But somehow the name and location are not
being sent from sign.php to create_entry.php even though they are there and
present in the header info
e.g
http://localhost/create_entry.php?name=Joh...don&submit=Sign
Anyone know what I'm doing wrong, any help much appreciated.
Thanks
--
Ant
Full Version: What am I doing wrong?
Hi,
Try adding this code before the $query statement
if you are using 'POST' in the <form ... method="POST">
$name = $HTTP_POST_VARS["name"] ;
$location = $HTTP_POST_VARS["location"] ;
if you are using 'GET' in the <form ... method="GET">
$name = $HTTP_GET_VARS["name"] ;
$location = $HTTP_GET_VARS["location"] ;
For security reasons, your Server Admin may turn off
the --enable-register-global flag in php.ini. I face this problem too and I
use the above method to work around.
Danny Wong
"Ant" <[Email Removed]> glsD:d91c91$m3$[Email Removed]...
Try adding this code before the $query statement
if you are using 'POST' in the <form ... method="POST">
$name = $HTTP_POST_VARS["name"] ;
$location = $HTTP_POST_VARS["location"] ;
if you are using 'GET' in the <form ... method="GET">
$name = $HTTP_GET_VARS["name"] ;
$location = $HTTP_GET_VARS["location"] ;
For security reasons, your Server Admin may turn off
the --enable-register-global flag in php.ini. I face this problem too and I
use the above method to work around.
Danny Wong
"Ant" <[Email Removed]> glsD:d91c91$m3$[Email Removed]...
| QUOTE |
| Hi, I've just started learning php and I'm having a problem. I'm following a tutorial for creating a guestbook with a mysql backend - everything is set up correctly. Here's the relevant code for the page where the user types in their name and location (sign.php) <h2>Sign my guestbook</h2 <form action="create_entry.php" <b>Name:</b <input type="text" size=40 name=name <br <b>Location:</b <input type="text" size=40 name=location What I want is the values stored in name and location to be entered into the database. In create_entry.php I have this code: $query = "INSERT INTO guestbook VALUES ('$name', '$location')" ; Now for some reason the variables name and location are not entered in the database, instead blank fields are entered. When I replace the variable names with absolute values the database is updated correctly to show those values so I know the query works. But somehow the name and location are not being sent from sign.php to create_entry.php even though they are there and present in the header info e.g http://localhost/create_entry.php?name=Joh...don&submit=Sign Anyone know what I'm doing wrong, any help much appreciated. Thanks -- Ant |
Ant wrote:
| QUOTE |
| Anyone know what I'm doing wrong, any help much appreciated. |
"Ant" <[Email Removed]> kirjoitti
viestiss:d91c91$m3$[Email Removed]...
viestiss:d91c91$m3$[Email Removed]...
| QUOTE |
| Hi, I've just started learning php and I'm having a problem. I'm following a tutorial for creating a guestbook with a mysql backend - everything is set up correctly. Here's the relevant code for the page where the user types in their name and location (sign.php) <h2>Sign my guestbook</h2 <form action="create_entry.php" <b>Name:</b <input type="text" size=40 name=name <br <b>Location:</b <input type="text" size=40 name=location What I want is the values stored in name and location to be entered into the database. In create_entry.php I have this code: $query = "INSERT INTO guestbook VALUES ('$name', '$location')" ; Now for some reason the variables name and location are not entered in the database, instead blank fields are entered. When I replace the variable names with absolute values the database is updated correctly to show those values so I know the query works. But somehow the name and location are not being sent from sign.php to create_entry.php even though they are there and present in the header info e.g http://localhost/create_entry.php?name=Joh...don&submit=Sign Anyone know what I'm doing wrong, any help much appreciated. |
What ever source you got that example, it is outdated. Submitted form fields
are no longer available as variables directly, but you need to retrieve them
from arrays $_GET, $_POST or $_REQUEST. To get form field "name", you fetch
it from one of the named arrays: $my_name = $_GET['name']; and $my_location
= $_GET['location'];
Now this works:
$query = "INSERT INTO guestbook VALUES ('$my_name', '$my_location')" ;
You can also use this sort of syntax:
$query = "INSERT INTO guestbook VALUES ('{$_GET['name']}',
'{$_GET['location']}')" ;
Which ever is less confusing.
If you're intrested about why things were changed such dramatically, you can
read about it at: http://www.php.net/manual/en/security.globals.php , but in
short words: it's for your own safety. When you are using variables from a
restricted array, you absolutely know they are user inputs, and none of your
other variables aren't. It's a good thing to keep your own variables and
user data separated.
--
"I am pro death penalty. That way people learn
their lesson for the next time." -- Britney Spears
[Email Removed]
Thanks!!, that's very helpful. Cheers for taking the time to explain it to
me.
me.
thanks
"Janwillem Borleffs" <[Email Removed]> wrote in message
news:42b43b50$0$13878$[Email Removed]...
"Janwillem Borleffs" <[Email Removed]> wrote in message
news:42b43b50$0$13878$[Email Removed]...
| QUOTE |
| Ant wrote: Anyone know what I'm doing wrong, any help much appreciated. Read: http://www.php.net/register_globals JW |
Hi.
One more thing. It's not relevant to your error and/or solution,
but check if you have "magic quotes" turned on or (if not) use
escaping functions cause this statement:
$query = "INSERT INTO guestbook VALUES ('$name', '$location')" ;
may be prone to SQL injection attacks.
Try entering:
a', 'b' ); --
as a name and check what gets to the "guestbook" table. If it
is "a" as name and "b" as location, then you'll have to use
escaping functions.
Hilarion
PS.: My English is quite rusty so please excuse me if I screwed
up the text above.
One more thing. It's not relevant to your error and/or solution,
but check if you have "magic quotes" turned on or (if not) use
escaping functions cause this statement:
$query = "INSERT INTO guestbook VALUES ('$name', '$location')" ;
may be prone to SQL injection attacks.
Try entering:
a', 'b' ); --
as a name and check what gets to the "guestbook" table. If it
is "a" as name and "b" as location, then you'll have to use
escaping functions.
Hilarion
PS.: My English is quite rusty so please excuse me if I screwed
up the text above.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.