Posted by d43m0n AT shaw DOT ca on 08/06/06 08:01

raymondmay@gmail.com wrote:
> okay. so all i am doing is changing a registration script that uses
> $_GET to a script that uses $_POST, but the validation script now
> returns NULL values for all posted vars.
>
> What's the deal?
>
> NOTE: when i use $_GET the script just works.
>
> Thanks in advance for helping a noob.
>
> script with the form:
> <?php
> // Connect to a session
> session_start( );
> ?>
> <form method="POST" action="reg_validate.php">
> <h2>User Profile</h2>
> <?php
>
> // Show meaningful instructions for UPDATE or INSERT or errors
> if(empty($errors))
> {
> if (session_is_registered("loginUsername"))
> {
> echo "<p><b>Please update your profile below as needed:</b></p>";
> }
> else
> {
> echo "<p><b>Please fill in all details below to join.</b></p>";
> }
> }else{
> // Display error message to the user
> showMessage();
> }
> ?>
> <table>
> <col span="1" align="right">
>
> <tr><td>User Name:</td>
> <td><? echo fieldError("userName", $errors); ?>
> <input type="text" name="userName"
> value="<? echo $formVars["userName"]; ?>"
> size=25></td>
> </tr>
>
> <tr><td>Real Name:</td>
> <td><? echo fieldError("realName", $errors); ?>
> <input type="text" name="realName"
> value="<? echo $formVars["realName"]; ?>"
> size=25></td>
> </tr>
>
> <tr><td>Sex:</td>
> <td><select name="title">
> <option <?php if ($formVars["sex"]=="M")
> echo "selected";?>>M
> <option <?php if ($formVars["sex"]=="F")
> echo "selected";?>>F
> </select><br></td>
> </tr>
>
> <tr><td>City:</td>
> <td><? echo fieldError("city", $errors); ?>
> <input type="text" name="city"
> value="<? echo $formVars["city"]; ?>"
> size=20></td>
> </tr>
>
> <tr><td>State:</td>
> <td><? echo fieldError("state", $errors); ?>
> <input type="text" name="state"
> value="<? echo $formVars["state"]; ?>"
> size=20></td>
> </tr>
>
> <tr><td>Zipcode:</td>
> <td><? echo fieldError("zipcode", $errors); ?>
> <input type="text" name="zipcode"
> value="<? echo $formVars["zipcode"]; ?>"
> size=5></td>
> </tr>
>
> <tr><td>Country:</td>
> <td><? echo fieldError("country", $errors); ?>
> <input type="text" name="country"
> value="<? echo $formVars["country"]; ?>"
> size=5></td>
> </tr>
>
> <tr><td>Date of birth (dd/mm/yyyy): </td>
> <td><? echo fieldError("dob", $errors); ?>
> <input type="text" name="dob"
> value="<? echo $formVars["dob"]; ?>"
> size=10></td>
> </tr>
>
> <?php
> // Only show the username/email and password
> // <input> widgets to new users
> if (!session_is_registered("loginUsername"))
> {
> ?> <tr><td>Email:</td>
> <td><? echo fieldError("email", $errors); ?>
> <input type="text" name="email"
> value="<? echo $formVars["email"]; ?>"
> size=50></td>
> </tr>
>
> <tr><td>Password:</td>
> <td><? echo fieldError("loginPassword", $errors); ?>
> <input type="password" name="loginPassword"
> value="<? echo $formVars["loginPassword"]; ?>"
> size=8></td>
> </tr>
>
> <tr><td><img src="/captcha.php"></td>
> <td><? echo fieldError("loginCaptcha", $errors); ?>
> Type in the text from the image to the left<br/>
> <input type="text" name="loginCaptcha"
> value="" size=8></td>
> </tr>
>
>
> <?php
> }
> ?>
> <tr>
> <td><input type="submit" value="Submit"></td>
> </tr>
> </table>
> </form>
> <?php
> foot();
> //prevent session hijacks by clearing sessions once informations is
> displayed
> // Clear the formVars so a future <form> is blank
> session_unregister("formVars");
> session_unregister("errors");
> ?>
>
>
>
> validation snippet:
> (not including all the validation just the meat where the vars are
> being grabbed)
>
> <?php
> // Initialize a session
> session_start();
>
> // Register an error array - just in case!
> if (!session_is_registered("errors"))
> session_register("errors");
>
> // Clear any errors that might have been
> // found previously
> $errors = array();
> $formVars = array();
>
> // Set up a $formVars array with the POST variables
> // and register with the session.
> if (!session_is_registered("formVars"))
> session_register("formVars");
>
> // TO DO remove $HTTP_GET_VARS and use all $_GET variables
> // TO DO use $_POST
> $formVars["userName"] = clean($_POST["userName"],50);
> $formVars["realName"] = clean($_POST["realName"], 50);
> $formVars["sex"] = clean($_POST["sex"], 50);
> $formVars["city"] = clean($_POST["city"], 50);
> $formVars["state"] = clean($_POST["state"], 50);
> $formVars["zipcode"] = clean($_POST["zipcode"], 50);
> $formVars["country"] = clean($_POST["country"], 50);
> $formVars["dob"] = clean($_POST["dob"], 50);
> $formVars["email"] = clean($_POST["email"], 50);
> $formVars["loginPassword"] = clean($_POST["loginPassword"], 50);
> $formVars["loginCaptcha"] = clean($_POST["loginCaptcha"], 50);
>
> ...
> ?>

Ok... What?

I'm looking at this code, and it looks like crap... First, you aren't
handling $_GET/$_POST properlly, you have undefined functions, and you
have a line break on line 135-136 that should not be there. Firstly..
you should not use sessions without using a buffer, aka, ob_start().

Now.. to do this correctly, you should establish a switch statment,
one, is a GET and the other POST, these are the varibles that should
matter over all the other, that way, you dont have crappy HTML and PHP
code throughout your script, either echo HTML, or get out...

Second, if the post is sent, then echo errors... its kindof stupid
checking for form varibles when the post hasnt been sent...

Reason for the ob, is that the cookies aren't properlly sent when the
session is created apon sending to the client... php is suppose to
start the buffer, define the session, and send the sid to the client
aka cookies...

Also... there are hundreds of properlly made php login scripts/forms,
you can look at on google...

• Next in forum: Re: problems with $_POST returning NULL values in php 4.4.2
• Prev in forum: Re: Technique for creating variables within a loop
• Thread view: Re: problems with $_POST returning NULL values in php 4.4.2

[Reply to this message]