Jump to content


Photo

v.newbie qu!


  • Please log in to reply
3 replies to this topic

#1 willwill100

willwill100
  • Members
  • PipPipPip
  • Advanced Member
  • 41 posts

Posted 07 March 2006 - 07:57 PM

<html>
<?php
if (isset($comf)){

echo("THIS THING WORKS!!");

}else{

?>
<form action="test.php" method="get">
User:<input type="text" name="uname"><br>
Password:<input type="password" name="upass"><br>
<input type="submit" name="comf" value="Submit">
</form>
<?php

}

?>

</html>

y is "this thing works" not outputted??

#2 XenoPhage

XenoPhage
  • Members
  • PipPipPip
  • Advanced Member
  • 99 posts

Posted 07 March 2006 - 08:03 PM

[!--quoteo(post=352590:date=Mar 7 2006, 02:57 PM:name=WillWill)--][div class=\'quotetop\']QUOTE(WillWill @ Mar 7 2006, 02:57 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
y is "this thing works" not outputted??
[/quote]

Presumably you mean *after* you submit the form. This is because register_globals is hopefully turned off, and $comf isn't defined anywhere. Try this :

if (isset($_REQUEST['comf'])) {
   print "THIS THING WORKS";
} else {
?>
<form action="test.php" method="get">
User:<input type="text" name="uname"><br>
Password:<input type="password" name="upass"><br>
<input type="submit" name="comf" value="Submit">
</form>
<?php

}

?>

</html>

--
[a href=\"http://blog.godshell.com\" target=\"_blank\"]XenoPhage[/a]
[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Something mysterious is formed, born in the silent void. Waiting alone and unmoving, it is at once still and yet in constant motion. It is the source of all programs. I do not know its name, so I will call it the Tao of Programming.[/quote]

#3 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 07 March 2006 - 08:19 PM

You really should use the superglobal array that matches the method in your form, $_GET if the method is "get", $_POST for "post". If you use the $_REQUEST array, your script could be comprimised.

<?php
if (isset($_GET['comf'])) {
   print "THIS THING WORKS";
} else {
?>
<form action="test.php" method="get">
User:<input type="text" name="uname"><br>
Password:<input type="password" name="upass"><br>
<input type="submit" name="comf" value="Submit">
</form>
<?php
}
?>

Ken

#4 willwill100

willwill100
  • Members
  • PipPipPip
  • Advanced Member
  • 41 posts

Posted 07 March 2006 - 10:02 PM

[!--quoteo(post=352599:date=Mar 7 2006, 08:19 PM:name=kenrbnsn)--][div class=\'quotetop\']QUOTE(kenrbnsn @ Mar 7 2006, 08:19 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
You really should use the superglobal array that matches the method in your form, $_GET if the method is "get", $_POST for "post". If you use the $_REQUEST array, your script could be comprimised.

<?php
if (isset($_GET['comf'])) {
   print "THIS THING WORKS";
} else {
?>
<form action="test.php" method="get">
User:<input type="text" name="uname"><br>
Password:<input type="password" name="upass"><br>
<input type="submit" name="comf" value="Submit">
</form>
<?php
}
?>

Ken
[/quote]

Thanks for the help guys, sorry for the double post can a mod delete the duplicate?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users