Wrox Programmer Forums
|
Beginning PHP Beginning-level PHP discussions. More advanced coders should post to the Pro PHP forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Beginning PHP section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old December 12th, 2003, 06:58 PM
Registered User
 
Join Date: Dec 2003
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default $REQUEST help ..

I'm trying to pass variables from an html form to my php script but they aren't getting through, it's getting caught up in this if statement and refreshing the page because the variables are empty - can someone advise why this isn't working?

Here is the code:

//check for required fields
if ((!$_REQUEST['username']) || (!$_REQUEST['password'])) {
    header("Location:http://www.maac.bm/phpWeb/show_login.html");
    exit;
}

I've also tried $_POST as well but that don't work !!! Someone HELP!!

 
Old December 12th, 2003, 07:27 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 836
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Have you tried looking at the actual contents of $_REQUEST?

echo "<pre>";
print_r($_REQUEST);
echo "</pre>";

If you're submitting the values via POST, then they should be in $_POST.

Also, you should be explicit about what you're testing. That is, instead of using:

if (!$var)

do

if (!isset($var) || empty($var))

This protects you against displaying a NOTICE level warning when the variable (or array index) is not defined.

If you're still having problems, post the HTML source of the form, the output of print_r($_REQUEST) after submitting the form, and any relevant code up to and including the if() statement you're having problems with.


Take care,

Nik
http://www.bigaction.org/
 
Old December 13th, 2003, 09:35 AM
Registered User
 
Join Date: Dec 2003
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks for the help ..

The output of :

echo "<pre>";
print_r($_REQUEST);
echo "</pre>";


returns me back:

<pre></pre>

Which tells me that they are empty ..

here is the source of the other files:

[u]HTML</u>
<html>
<head></head>
<body>
<form name="form1" method="post" action="login.php">
  <p>
<input name="username" type="text" >
</p>
<p>
<input name="password" type="password" >
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>

[u]PHP</u>
<?php

//check for required fields
if ((!$_REQUEST['username']) || (!$_REQUEST['password'])) {
    //header"Location:http://www.maac.bm/phpWeb/show_login.html");
    echo "<pre>";
    print_r($_REQUEST);
    echo "</pre>";
    exit;
}

//setup names of database and table to use
$db_name ="MAAC_login";
$table_name ="users";

//connect to server and select database
$connection = @mysql_connect("www.maac.bm","root","*****") or die(mysql_error());
$db = @mysql_select_db($db_name,$connection) or die(mysql_error());

//build and issue query


 $sql = "SELECT * "
        . " FROM `users` "
        . " WHERE `Username` = '$_REQUEST[username]' AND `Password` = '$_REQUEST[password]' ";

$result = @mysql_query($sql)or die (mysql_error());

//get the number of rows in the result set
$num =mysql_numrows($result);

//print a message and set a cookie if authorized,
//or redirect elsewhere if unauthorized
if ($num !=0){
    $cookie_name ="auth";
    $cookie_value ="ok";
    $cookie_expire ="0";
    $cookie_domain ="www.maac.bm";

    setcookie($cookie_name,$cookie_value,$cookie_expir e,"/", $cookie_domain,0);

    $display_block ="
    <p><strong>Secret Menu:</strong></p>
    [list]
    <li><a href=\"secretA.php\">secret page A</a>
    <li><a href=\"secretB.php\">secret page B</a>
    </ul>";
} else {
    $display_block ="<p><strong>Access Denied !!!!</strong></p>";
    //exit;
}
?>
<HTML>
<TITLE>Secret Area</TITLE>
</HEAD>
<BODY>
<? echo "$display_block"; ?>
</BODY>
</HTML>

 
Old December 13th, 2003, 09:39 AM
Registered User
 
Join Date: Dec 2003
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I was also thinking maybe it could be a permission error from the server? (Apache web server..)

 
Old December 14th, 2003, 07:21 PM
Authorized User
 
Join Date: Nov 2003
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hello

Try this
<?php
if ((!$_REQUEST['username']) || (!$_REQUEST['password'])){
?>
PLACE YOUR HTML CODE FOR THE FORM IN HERE
<?php
}else{
?>\CHECK THE USERNAME AND PASSWORD AGAINST THE DB HERE
<?php
}
?>


I think what is happening in your code is that the first time the page is loaded the textbox value is empty so when it gets into the if the header is being caleed and redirecting to login.php where the same thin happens again and again
placing the form in the if statement will only write it when the textbox

Hope this helps

Chris

 
Old December 15th, 2003, 02:12 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 836
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hey Chris, I don't think that's really the problem. The page is split into two files -- the HTML form is in one file, and the PHP code that processes the form input is in another file. As such, the PHP file should never be called without having $_REQUEST set. If it is, then that means the user went there without submitting the form, so they're redirected to the login page.


I do see a major problem: You only print out the value of $_REQUEST inside the if() block that proves $_REQUEST['username'] and $_REQUEST['password'] don't exist. Of course it will be empty!

When debugging PHP applications, it helps to have descriptive messages displayed so you know exactly where the script is bombing.


During development/debugging, your PHP code should read something like this:

<?php

// login.php

if (isset($_REQUEST))
{
    echo "<pre>\$_REQUEST is: ";
    print_r($_REQUEST);
    echo "</pre>";

}

//check for required fields
if (!isset($_REQUEST['username']) || !isset($_REQUEST['password']))
{
    //header("Location:http://www.maac.bm/phpWeb/show_login.html");
    exit;
}

etc...


See -- this way, you view the contents of $_REQUEST regardless of whether 'username' or 'password' are sent.


A more sophisticated approach would be to define a debugging flag to easily enable or disable debugging messages without having to comment out (or remove) all your debugging code when you don't need it anymore:

<?php // debug.inc.php

// This is the default value, but can be changed by setting it
// to something else by submitting a new value via POST or GET.

$DO_DEBUG_DEFAULT = true;



// shouldn't have to change anything below this line.

if (!isset($_SESSION['DO_DEBUG']))
{
    $_SESSION['DO_DEBUG'] = $DO_DEBUG_DEFAULT;
}

$do_debug_order = array('POST', 'GET');

foreach ($do_debug_order as $src)
{
    $var = &$_{$src};
    if (isset($var['DO_DEBUG']))
    {
        // Copy new setting into session for persistence
        $_SESSION['DO_DEBUG'] = $var['DO_DEBUG'];
    }
}

function do_debug()
{
    return $_SESSION['DO_DEBUG'];
}

function dprintr(&$var, $desc = "")
{
    if (do_debug())
    {
        echo "<pre>" . (!empty($desc)? $desc : '');
        print_r($var);
        echo "</pre>\n";
    }
}

function decho($str)
{
    if (do_debug())
    {
        echo $str;
    }
}

?>


<?php // some file that you're debugging.php

require_once('debug.inc.php'); // import functions


if (isset($_REQUEST))
{
    dprintr($_REQUEST, '$_REQUEST'); // does print_r() if debugging is enabled
}
else
{
    decho("\$_REQUEST does not exist!\n"); // prints this line if debugging is enabled
}

HTH!


Take care,

Nik
http://www.bigaction.org/
 
Old December 15th, 2003, 03:52 PM
Registered User
 
Join Date: Dec 2003
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks for all the help guys! I actually figured out what the problem was (which just like I thought was a configuration error) - I was using either $_POST or $_REQUEST to try and get my variables but the problem was that $_POST is a new addition to PHP 4.1.0 - my server is running PHP 4.0.6 and I ended up having to use $_HTTP_POST_VARS .. which actually worked fine..

 
Old December 15th, 2003, 04:01 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 836
Thanks: 0
Thanked 0 Times in 0 Posts
Default

If you have ANY control over the PHP installed on that server, I strongly suggest you upgrade to the latest stable version (4.3.4, I think).

If you do NOT have control, you should strongly urge the server admin to upgrade PHP.

The server admin can configure the newer PHP to support "old style" code, that is, they can set register_globals = on and error_reporting = E_ALL & ~E_NOTICE, which were the old default settings.

The only other problems that might arise are that experimental extensions (e.g. XSLT) have changed since that version. The function names, parameters, and/or return values might be changed between versions, but that's no reason to stay behind the times. PHP 4.1.0 was released about 2 years ago, and since then many security holes have been found and patched.

Considering that PHP, by default, makes its presence and version known via the X-Powered-By header, anyone looking to exploit these security holes need only look at a simple response from the server for the presence of this header.



Take care,

Nik
http://www.bigaction.org/
 
Old December 15th, 2003, 04:33 PM
Registered User
 
Join Date: Dec 2003
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Tell me about it, but the admin for this server is a tightwad and won't upgrade until *they* think it's necessary .. doh!






Similar Threads
Thread Thread Starter Forum Replies Last Post
request forwarging & request redirection hafizmuhammadmushtaq Servlets 2 April 24th, 2008 12:42 AM
Request.Form / Request.QueryString Toran Classic ASP Databases 4 January 17th, 2007 02:23 PM
request elaangovan ASP.NET 2.0 Basics 0 July 12th, 2006 03:48 AM
request.qurystring vs. request.form Durwood Edwards Classic ASP Databases 3 June 18th, 2004 12:09 AM
request.querystring() , request.form() alyeng2000 ASP.NET 1.0 and 1.1 Basics 1 December 30th, 2003 12:07 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.