sKunKbad Posted April 5, 2006

OK, so I want to get the city and st info from my form that I used method="get" on. On my program that is receiving the form info, I need to turn the city and st into a variable, so I have been trying:

[code]$var1="$_GET[city]";
$var2="$_GET[st]";[/code]

but this is not working, or I have more severe problems. Do I need to do something else to get these variables made?

Thanks,

khendar Posted April 5, 2006

Remove the double quotes around $_GET[]. And use single quotes for the variable inside $_GET that you are getting, e.g.

[code]$var = $_GET['var'];[/code]

akitchin Posted April 5, 2006

ok, you are in dire need of a lesson in variables.

first of all, when setting one variable equal to another, NO quotes are necessary. quotes are only necessary when strings are involved, such as when you are putting a variable into the middle of a sentence, for example.

second, there are two types of indices in an array. one is a non-constant (usually string) index, in which case quotes must be used in the index reference. the other is a constant index, where no quotes are necessary. in this case, your indices are strings and should have quotes when selecting them:

[code]$var1 = $_GET['city'];
$var2 = $_GET['st'];[/code]

no outside quotes needed, index quotes needed since you're referring to a non-constant index. however, why do you need to assign them to local variables? they're available everywhere in $_GET['city'] and $_GET['st'].

[b]EDIT: KHENDAR REPLIED SHORTLY BEFORE ME, BUT I'M LEAVING MY REPLY IN HOPES THAT YOU UNDERSTAND WHY.[/b]

khendar Posted April 5, 2006

^ He said it better.

cunoodle2 Posted April 5, 2006

For the highest level of security write your get statements like this...

[code]<?php
$var_1 = isset($_GET['city']) ? $_GET['city'] : NULL;
?>[/code]

That basically says that if $_GET['city'] is set then assign it to the variable `var_1`... otherwise assign `NULL` to that variable. Make sense?

sKunKbad Posted April 5, 2006 (Author)

[quote]
QUOTE (cunoodle2 @ Apr 4 2006, 09:01 PM)

For the highest level of security write your get statements like this...

[code]<?php
$var_1 = isset($_GET['city']) ? $_GET['city'] : NULL;
?>[/code]

That basically says that if $_GET['city'] is set then assign it to the variable `var_1`... otherwise assign `NULL` to that variable. Make sense?
[/quote]

I got it working, but I have a question for you cunoodle2. If the data in my database is not sensitive personal info, do I need to worry about this security you speak of?

khendar Posted April 5, 2006

Security is more than just protecting users' data. It's also used for protecting your site. For example, if you are using your $_GET variables to get information from a database, malicious users can use SQL Injection attacks to bypass your logon code and do damage to your database, even delete it.

Variable checking is a good habit to get into anyway. If the data which is sent via GET is not what your code expected, it's better to handle it properly rather than have it break the page.

sKunKbad Posted April 5, 2006 (Author)

[quote]
QUOTE (khendar @ Apr 4 2006, 10:03 PM)

Security is more than just protecting users' data. It's also used for protecting your site. For example, if you are using your $_GET variables to get information from a database, malicious users can use SQL Injection attacks to bypass your logon code and do damage to your database, even delete it.

Variable checking is a good habit to get into anyway. If the data which is sent via GET is not what your code expected, it's better to handle it properly rather than have it break the page.
[/quote]

Thanks for the info khendar. I immediately made those changes! Is the following safe?

[code]if (!isset($_GET['page'])) {
    $page = 1;
} else {
    $page = $_GET['page'];
}[/code]

khendar Posted April 5, 2006

That's a good start. However it doesn't end here. You will need to make sure that what has been entered is valid, not just not null.

For example: if you are accepting variables passed through the URL, e.g. www.something.com/index.php?page=2, and page 2 actually exists, then this is fine.

However I can go to www.something.com/index.php?page=142231455233 and unless you verify that page 142231455233 exists then it may cause an error.

sKunKbad Posted April 5, 2006 (Author)

[quote]
QUOTE (khendar @ Apr 4 2006, 11:28 PM)

That's a good start. However it doesn't end here. You will need to make sure that what has been entered is valid, not just not null.

For example: if you are accepting variables passed through the URL, e.g. www.something.com/index.php?page=2, and page 2 actually exists, then this is fine.

However I can go to www.something.com/index.php?page=142231455233 and unless you verify that page 142231455233 exists then it may cause an error.
[/quote]

Can you give me a little mini tutorial on that using the code above?

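The two points khendar makes in the thread, checking that `page` refers to a page that exists and keeping $_GET values out of the SQL text, shown together as an added example that is not part of the original thread. The functions `resolve_page()` and `fetch_page()`, the `listings` table and its rows are hypothetical, and an in-memory SQLite database (PDO with the pdo_sqlite extension) stands in for the real one.

```php
<?php
// Added example, not code from the thread; function, table and column names are hypothetical.

// Accept only an integer page between 1 and $lastPage; anything else falls back to page 1.
function resolve_page(array $query, int $lastPage): int
{
    if (!isset($query['page']) || !is_string($query['page'])) {
        return 1; // missing, or an array such as ?page[]=2
    }
    $page = filter_var($query['page'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $lastPage],
    ]);
    return $page === false ? 1 : $page; // not an integer, or out of range
}

function fetch_page(PDO $db, array $query, int $perPage = 2): array
{
    $st = isset($query['st']) && is_string($query['st']) ? $query['st'] : '';
    // Bound parameters: request values are never concatenated into the SQL text.
    $count = $db->prepare('SELECT COUNT(*) FROM listings WHERE st = ?');
    $count->execute([$st]);
    $lastPage = max(1, (int) ceil($count->fetchColumn() / $perPage));

    $page = resolve_page($query, $lastPage);
    $rows = $db->prepare('SELECT city FROM listings WHERE st = ? ORDER BY city LIMIT ? OFFSET ?');
    $rows->bindValue(1, $st, PDO::PARAM_STR);
    $rows->bindValue(2, $perPage, PDO::PARAM_INT);
    $rows->bindValue(3, ($page - 1) * $perPage, PDO::PARAM_INT);
    $rows->execute();
    return ['page' => $page, 'cities' => $rows->fetchAll(PDO::FETCH_COLUMN)];
}

// Constructed data: an in-memory SQLite table standing in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, city TEXT, st TEXT)');
$insert = $db->prepare('INSERT INTO listings (city, st) VALUES (?, ?)');
foreach ([['Austin', 'TX'], ['Dallas', 'TX'], ['Houston', 'TX'], ['Reno', 'NV'], ['Waco', 'TX']] as $row) {
    $insert->execute($row);
}

// Constructed query strings standing in for $_GET.
$samples = [['st' => 'TX', 'page' => '2'], ['st' => 'TX', 'page' => '142231455233'],
            ['st' => 'TX', 'page' => 'abc'], ['st' => "T'X"], ['st' => 'TX']];
foreach ($samples as $q) {
    echo json_encode($q), ' => ', json_encode(fetch_page($db, $q)), PHP_EOL;
}
```

The upper bound comes from the row count, so the range check follows the data instead of a hard-coded page limit. A real page would pass `$_GET` in place of the sample arrays.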