Simple - I dont think so

[richardterris]

Hi all,

 

Been a while since I worked with PHP, and since im now getting more involved in MySQL, I thought I should go back to basics, and learn how to code PHP properly.

 

I've started off with a real basic example of an HTML form "<html>

<body>

 

<FORM ACTION="welcome.php" METHOD=GET>

First Name: <INPUT TYPE=TEXT NAME="firstname"><BR>

Last Name: <INPUT TYPE=TEXT NAME="lastname">

<INPUT TYPE=SUBMIT VALUE="GO">

</FORM>

 

</body>

</html" called index.php and <?php

  echo "Welcome to our Web site,

$firstname $lastname!" ;

 

?>" called welcome.php

 

I know this code isnt valid, and is generally pretty messy, but since its just some exercises im not too concerned.... As far as i know this code is sound, in that it should take the 2 names, and pass them along with the url ?

 

When i enter the names and click "go", im getting the output "welcome to our website,"

 

I know that its an apache server, and that PHP Myadmin is installed - I recently connected to MySQL Db through it, but i cant help but get the feeling that some setting somewhere isnt right, because i think this code, sloppy as it is, should work.

 

Am i going mad? can anyone help?

 

Thanks,

 

RjT

[rhodesa]

the feature you are talking about is register_globals...and for security reasons is off by default. the way to do this now is:

 

<?php
  echo "Welcome to our Web site, '{$_GET['firstname']}' '{$_GET['lastname']}'!" ;
?>

[CroNiX]

It probably doesn't matter, but GET should have quotes around it:

<FORM ACTION="welcome.php" METHOD=GET>

[richardterris]

Hey

 

Thanks for that - thought i was going mad.... but i did suspect that it was something enabled or disabled

 

so why is this feature disabled now?

[CroNiX]

Its a big security risk and should never had existed in the first place, if you are referring the the "registered globals"

 

[genericnumber1]

See here for why register_globals can be very bad.