invincible_virus Posted September 21, 2008

Hi,

I had developed a web-site using php 4. Now, I have upgraded to php 5. I have a form which is something like -

    <form name="formPG" method="post" action="search.php" style="margin: 0pt;" >
    <tr>
    <td colspan="2" align="left" valign="top"><select class=textboxes1 name="Budget">
    <option selected value="1">Select</option>
    <option value="2">1000-2000</option>
    <option value="3">2000-3000</option>
    <option value="4">3000-4000</option>
    <option value="5">4000-5000</option>
    <option value="6">Above 5000</option>
    <option value="7">Negotiable</option>
    </select></td>
    </tr>
    </form>

and a php file acting on this form submit, which reads the request params as -

    $Budget

Now, my problem is that after upgrading to php 5, this variable is never read by the action file properly and its value is always 0. I tried to read through the backward incompatibility issues with php5, but could not find this one listed there. Do I need to change the whole code to be like -

    $_REQUEST['Budget']

chronister Posted September 21, 2008

The proper way to receive POST data from a form is this.....

    $field = $_POST['fieldName'];

The reason you could simply use $fieldName is because register_globals was turned on by default. This is bad as it will accept most any post, get and request data and turn it into a variable automatically. Not good security. So now it is turned off, which is the way it should be.

So for post data, use the above. For GET data, use $_GET['varName'];

Nate

invincible_virus Posted September 21, 2008

Thanks chronister.

Can you tell me where this configuration 'register_globals' is defined? Also, is there any security difference in using $_GET['varName']; and $_REQUEST['varName']; ?

JasonLewis Posted September 21, 2008

The register_globals setting is located in your php.ini file. Just Ctrl+F to find it, make sure it's OFF!

chronister Posted September 21, 2008

register_globals is defined in the php.ini file.... I don't suggest finding it and turning it on. Do the right thing and code the site properly and don't rely on insecure methods from old versions.

$_REQUEST contains: $_COOKIE, $_GET, and $_POST variables.

If you use $_REQUEST you have no guarantee that the data came from the post data, which leads to security holes in your script.

You can use $_REQUEST, but it can be problematic if you are expecting POST data with var name foo and a bad user messes with cURL and throws the post data in there and then injects some get data with the name foo as well. I am not sure which one $_REQUEST will settle on, but you can see where issues may arise.

Best to use the method you're expecting and forget $_REQUEST exists.... I am sure there are perfectly valid uses for it, but I have not needed it yet.

Nate

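
Added example, not part of the thread: a handler for the form's Budget field that reads from one explicit source and validates the value, next to a small model of how $_REQUEST is assembled. The merge order of $_REQUEST is set by the request_order directive in php.ini (variables_order is used when request_order is empty), so the same request can yield a different value on a differently configured server. The function names and sample arrays are constructed for illustration.

```php
<?php
// Added example; function names and sample arrays are constructed for illustration.

// Read Budget from one explicit source and validate it against the option
// values the form offers (1..7). Returns the integer, or null if missing/invalid.
function read_budget(array $source)
{
    if (!isset($source['Budget']) || is_array($source['Budget'])) {
        return null;
    }
    $value = filter_var($source['Budget'], FILTER_VALIDATE_INT, array(
        'options' => array('min_range' => 1, 'max_range' => 7),
    ));
    return $value === false ? null : $value;
}

// Model of how PHP fills $_REQUEST: sources are merged in the order given by
// the directive ("GP" = GET then POST), and later sources overwrite earlier ones.
function build_request($order, array $get, array $post, array $cookie)
{
    $sources = array('G' => $get, 'P' => $post, 'C' => $cookie);
    $merged = array();
    foreach (str_split($order) as $letter) {
        if (isset($sources[$letter])) {
            $merged = array_merge($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Constructed request: the form posts Budget=3 while the URL carries ?Budget=7.
$get    = array('Budget' => '7');
$post   = array('Budget' => '3');
$cookie = array();

// Explicit source: the result depends only on the POST body.
var_dump(read_budget($post));
// Merged source: the result depends on server configuration.
var_dump(read_budget(build_request('GP', $get, $post, $cookie)));
var_dump(read_budget(build_request('PG', $get, $post, $cookie)));
// A value outside the form's option list is rejected.
var_dump(read_budget(array('Budget' => '1000-2000')));
```

In search.php the call would be read_budget($_POST), with a null result handled as a rejected submission.
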
Archived
This topic is now archived and is closed to further replies.