post variable

[fortnox007]

Hi guys, I pretty new to php, and was writing a small script after a I read a chapter (4) about if-statements of a book. But it seems I am doing something wrong. Maybe someone could help me in the right direction.

 

In a nutshell: I have a small form, and when someone presses submit it should go to another page and include the variables of the previous page. So far I am only been able to include html form variables which I recover on the next page with $_POST['xxxx'];

 

here under ill Put a part of my script which is not of any use, but its more for me to understand how to get php variables on the next page. I am using a self referencing script and i have some comments added to read along.

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>bla bla bla</title>
    </head>
    <body>
        <?php  
        //code to be executed when monkey button pressed
        if (isset($_POST['monkey'])){        
                echo $_POST[$number1];
                echo 'monkey pressed';
        }
        //code to be executed when snakes button pressed
        if (isset($_POST['snakes'])){        
                echo $_POST[$number1];
                echo 'snakes pressed';
        }
        ?>
        <h1>bla bla bla</h1>
        <h3>
            <?php
            $number1 = $number1.mt_rand(1,100000);
            echo $number1;
            ?>
        </h3>
        <form action="<?php echo $_PHP['PHP_SELF']; ?>" method="post">
            <input type="submit" value="monkey" name="monkey" />
            <input type="submit" value="snakes" name="snakes" />
        </form>

    </body>
</html>

[fortnox007]

So in a nut-nutshell. How to retrieve php variables on the next page.

I am pretty sure i can use hidden fields for it, but if there is another way, I would love to hear it, because I am also pretty sure that people can edit hidden fields  

[Pikachu2000]

You'd either pass it through a hidden field, or a $_SESSION var. Also, you don't want to use action="<?php echo $_SERVER['PHP_SELF']; ?>" to submit a form to itself. Use action="" instead.

[fortnox007]

Wow thanks a lot for your swift response.

Would you mind explain a little why not to use <?php echo $_PHP['PHP_SELF']; ?>

I am just starting with php and in the book I bought they say i should use it to let the page self reference.

Is there maybe a security risk when i use it?

If you happen to have time for it i would be extremely pleased. Ill search for session variables

(just 3 chapters away ;-)

 

Thanks man!

 

John

[fortnox007]

Holy crap, I just googled my ass of for don't use  <?php $_SERVER['PHP_SELF']; ?>

and i found loads and loads of blogs about it.

Thanks Alot for pointing me to this. I really apreciate it The only thing i realy hate is that the book i have doesn't say 1 word about it and above all a so called security dude  was one of the authors. 

Well if someone knows a good book to write proper and secure php I am all ears! (eyes in this case  )

 

And again thanks m8 for the quick help