Register Globals Off

cmiller · August 18th, 2003, 03:36 PM

Ok now I feel like a fool.. I have been using PHP for years now and this is my first experience with "register_globals = off".

My question is this... How the hell to I retrieve the variable passed from a form if the globals are off? I have tried $_POST['variable'] and $_SESSION['variable'] with no luck. What is my dumb @$$ doing wrong here? lol

BTW, I still feel like a fool.

--Chris

----------
~cmiller

nikolai · August 18th, 2003, 03:52 PM

Don't feel like a fool! It can be more difficult for people used to the old way than it is for newbies to learn the new from scratch.

The gist is -- your $_xxx variable needs to match the form method that's passing form fields in.

If your <form method="get"> use $_GET.
If your <form method="post"> use $_POST.

$_SESSION is only used for session variables -- that is, variables whose values you want to persist across page requests.

Take care,

Nik
http://www.bigaction.org/

cmiller · August 18th, 2003, 04:08 PM

-- UPDATE

I tried manually defining the variables above the MYSQL crap, and it still doesn't work. GRRR... here's what I did:

    $name = $_POST['name'];
    $company = $_POST['company'];
    $email = $_POST['email'];
    $phone = $_POST['phone'];

And the insert command just calls $name, $company, etc. What am I doing wrong now.. Boy this is frustrating.

One last note... $ipadd is working in the below insert statement and it is populated by $_SERVER['REMOTE_ADDR'];

---------------------------------------------------------------

Thanks Nik for the update, but here's the BIG question... Will this work?

$_POST[variable]

- or does it need to have the inside single quotes ie:

$_POST['variable']

?? Here's the reasoning: MySQL insert statement:

INSERT INTO $record_tablename VALUES(NULL, '$time', '$ipadd', '$_POST['name']', '$_POST['company']', '$_POST['email']')"; $result = mysql_query($query);

Obviously the single quotes will piss this whole thing off. So, the most obvious solution is to define them myself above this i.e. $company = $_POST['company']; But can I do this within the INSERT command?

Thanks for your time man.. I know this is pretty easy for you.

----------
~cmiller

nikolai · August 18th, 2003, 04:34 PM

Well, now you're talking about string parsing and variable substitution, not about incoming form variables.

Inside a double-quoted or heredoc string, PHP performs variable substitution. It can parse up to one level of array indexing automatically. Additional levels of nesting require you to either break out of the string and concatenate the array value, or use curly-brace syntax. Personally, I use curly-brace syntax for almost all variable substitutions within strings.

Examples:

$query <<<EOQ
INSERT INTO {$table} VALUES
    (NULL,
    '{$_POST['user']}', // curly-braces allow you to quote array indexes!
    '$_POST[pass]', // without curly-braces, don't quote your index!
    '$obj->var') // can access object vars, too!
EOQ;

There's a wealth of information about all the nuances of variable substitution, with examples, in the manual:
  http://www.php.net/types.string

Take care,

Nik
http://www.bigaction.org/

cmiller · August 18th, 2003, 05:21 PM

Thanks Nik,

I finally got it.. Of course this is what I get for letting our HTML designer make the form for me and me not paying attention to what they had done. They were using GET as the method rather than POST, and I was calling it with POST.

Oh well, it was my own damn fault. Thanks for all the help. You da' man!

----------
~cmiller