alpeabody Posted March 8, 2010 Share Posted March 8, 2010 I have just installed WAMPServer 2.0, and it got me most of the way to success! I have a short PHP script I am using as a training aid. Here is HTML form that calls the script: <form action="http://localhost/Processorder.php" method="post"> <table border="0"> <tr bgcolor="#cccccc"> <td width="150">Item</td> <td width="15">Quantity</td> </tr> <tr> <td>Tires</td> <td align="center"><input type="text" name="tireqty" size="3" maxlength="3" > </tr> <tr> <td>Oil</td> <td align="center"><input type="text" name="oilqty" size="3" maxlength="3" > </tr> <tr> <td>Spark Plugs </td> <td align="center"><input type="text" name="sparkqty" size="3" maxlength="3"> </tr> <tr> <td colspan="2" align="center"><input type="submit" value="Submit Order" </td> </tr> </table> </form> And the PHP script it calls is: <html> <head> <title>Bob's Auto Parts-Order Results</title> </head> <body> <h1>Bob's Auto Parts</h1> <h2>Order Results</h2> <?php echo '<p>Order Processed.</p>'; $totalqty = 0; $totalqty = $tireqty + $oilqty + $sparkqty; echo "Items ordered: " , $totalqty , "<br>" ; define('TIREPRICE', 79.95); define('OILPRICE', 5.98); define('SPARKPRICE', 4.95); $tireprice = ($tireqty * TIREPRICE); $oilprice = ($oilqty * OILPRICE) ; $sparkprice = ($sparkqty * SPARKPRICE); $taxrate = 0.06; //Sales tax is 6% $totalbill=0.00; $tirebill=0.00; $tirebill=$tireqty*$tireprice; echo "Tires: " , $tireqty , " at $" , $tireprice , " = $" , number_format($tirebill,2) , "<br>"; $oilbill=$oilqty*$oilprice; echo "Quarts of Oil: " , $oilqty , " at $" , $oilprice , " = $" , number_format($oilbill,2) , "<br>"; $sparkbill=$sparkqty*$sparkprice; echo "Spark Plugs: " , $sparkqty , " at $" , $sparkprice , " = $" , number_format($sparkbill,2) , "<br>"; $totalbill=($tirebill+$oilbill+$sparkbill); echo "Total Taxable = $" , number_format($totalbill,2) , "<br>"; $totalbill*=(1+$taxrate); echo "Total with Tax = $" , number_format($totalbill,2) , "<br>"; ?> </body> </html> On a Website I maintain as a volunteer, this same script, the only difference being that rather than "localhost" I call Processorder.php using the address provided by the web host, all works fine: I fill in the form, and click Submit Order, and the information is calculated and echoed to the screen. On my computer with WAMP, the PHP script is called, but none of the data I enter is posted. The output looks like this: Bob's Auto Parts Order Results Order Processed. Notice: Undefined variable: oilqty in C:\wamp\www\Processorder.php on line 11 Notice: Undefined variable: tireqty in C:\wamp\www\Processorder.php on line 11 Notice: Undefined variable: sparkqty in C:\wamp\www\Processorder.php on line 11 Items ordered: 0 Notice: Undefined variable: tireqty in C:\wamp\www\Processorder.php on line 18 Notice: Undefined variable: oilqty in C:\wamp\www\Processorder.php on line 19 Notice: Undefined variable: sparkqty in C:\wamp\www\Processorder.php on line 20 Notice: Undefined variable: tireqty in C:\wamp\www\Processorder.php on line 28 Tires: Notice: Undefined variable: tireqty in C:\wamp\www\Processorder.php on line 29 at $0 = $0.00 Notice: Undefined variable: oilqty in C:\wamp\www\Processorder.php on line 30 Quarts of Oil: Notice: Undefined variable: oilqty in C:\wamp\www\Processorder.php on line 31 at $0 = $0.00 Notice: Undefined variable: sparkqty in C:\wamp\www\Processorder.php on line 32 Spark Plugs: Notice: Undefined variable: sparkqty in C:\wamp\www\Processorder.php on line 33 at $0 = $0.00 Total Taxable = $0.00 Total with Tax = $0.00 I am greatly encouraged by the fact that the PHP script is found and executed. Even seeing the Error Codes beats seeing a File Not Found error, or some indication that the PHP code was not run at all (my previous best result). I strongly suspect what I have here is a problem in php.ini or something else in WAMP which is simply failing to record and post the data to Processorder.php. Any ideas? What should I do next? Thanks! Al Peabody Quote Link to comment https://forums.phpfreaks.com/topic/194539-html-php-script-post-problem-i-think/ Share on other sites More sharing options...
xnowandtheworldx Posted March 8, 2010 Share Posted March 8, 2010 <form action="http://localhost/Processorder.php" method="post"> <table border="0"> <tr bgcolor="#cccccc"> <td width="150">Item</td> <td width="15">Quantity</td> </tr> <tr> <td>Tires</td> <td align="center"><input type="text" name="tireqty" size="3" maxlength="3" > </tr> <tr> <td>Oil</td> <td align="center"><input type="text" name="oilqty" size="3" maxlength="3" > </tr> <tr> <td>Spark Plugs </td> <td align="center"><input type="text" name="sparkqty" size="3" maxlength="3"> </tr> <tr> <td colspan="2" align="center"><input type="submit" value="Submit Order" </td> </tr> </table> </form> And the PHP script it calls is: <html> <head> <title>Bob's Auto Parts-Order Results</title> </head> <body> <h1>Bob's Auto Parts</h1> <h2>Order Results</h2> <?php echo '<p>Order Processed.</p>'; $tireqty = $_POST['tireqty']; $oilqty = $_POST['oilqty']; $sparkqty = $_POST['sparkqty']; $totalqty = 0; $totalqty = $tireqty + $oilqty + $sparkqty; echo "Items ordered: " , $totalqty , "<br>" ; define('TIREPRICE', 79.95); define('OILPRICE', 5.98); define('SPARKPRICE', 4.95); $tireprice = ($tireqty * TIREPRICE); $oilprice = ($oilqty * OILPRICE) ; $sparkprice = ($sparkqty * SPARKPRICE); $taxrate = 0.06; //Sales tax is 6% $totalbill=0.00; $tirebill=0.00; $tirebill=$tireqty*$tireprice; echo "Tires: " , $tireqty , " at $" , $tireprice , " = $" , number_format($tirebill,2) , "<br>"; $oilbill=$oilqty*$oilprice; echo "Quarts of Oil: " , $oilqty , " at $" , $oilprice , " = $" , number_format($oilbill,2) , "<br>"; $sparkbill=$sparkqty*$sparkprice; echo "Spark Plugs: " , $sparkqty , " at $" , $sparkprice , " = $" , number_format($sparkbill,2) , "<br>"; $totalbill=($tirebill+$oilbill+$sparkbill); echo "Total Taxable = $" , number_format($totalbill,2) , "<br>"; $totalbill*=(1+$taxrate); echo "Total with Tax = $" , number_format($totalbill,2) , "<br>"; ?> </body> </html> You were trying to use PHP's globals. NEVER use PHP globals with the forms. I know there is a name for them but it slips my mind atm. So basically, when you need info from the forms use $_POST['form_input_name_here']; to get your data. EDIT: Ah HAH! I remember now, it's called Register_Globals. Read about it at http://ca.php.net/manual/en/security.globals.php Quote Link to comment https://forums.phpfreaks.com/topic/194539-html-php-script-post-problem-i-think/#findComment-1023161 Share on other sites More sharing options...
Anti-Moronic Posted March 8, 2010 Share Posted March 8, 2010 Wow, didn't even notice that at first. It's true, you're using register_globals which is highly insecure - and is turned off by default in wamp. That means the site you are developing on has it turned on so try to get it turned off in php ini. Along with that, it is also a good idea to validate ALL data received from the client (not just forms) using common validation checks. Like we know $tireqty should be a number, so we make sure it is by doing this: $tireqty = intval($_POST['tireqty']); ..always use $_POST or $_GET when dealing with forms and always be aware of the security implications if your script allows you to use $nameoffield without using $_POST. Quote Link to comment https://forums.phpfreaks.com/topic/194539-html-php-script-post-problem-i-think/#findComment-1023163 Share on other sites More sharing options...
PFMaBiSmAd Posted March 8, 2010 Share Posted March 8, 2010 The problem is that the code is almost 8 years out of date. It relies on register_globals to 'magically' populate program variables from the form's $_POST data. Register_globals were turned off by default in php4.2 in the year 2002. No new code, books, tutorials, or web hosting should have been written that relied on them or had them turned on after that point in time. Don't turn on register_globals on your development system to get your code to work because register_globals have been completely removed in upcoming php6. Register_globals also 'magically' let hackers set your session and program variables by simply setting same name GET parameters on the end of the URL and a lot of web sites have been taken over. Learn to use the correct $_GET, $_POST, $_COOKIE, $_SESSION, $_FILES, $_SERVER, and $_ENV variables in your code. If your code uses session_register(), session_is_registered(), or session_unregister(), you will need to make additional changes to eliminate those function calls and use the $_SESSION variables. If any of the code on the site you maintain also relies on register_globals to work, you will eventually need to update that code. Quote Link to comment https://forums.phpfreaks.com/topic/194539-html-php-script-post-problem-i-think/#findComment-1023165 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.