Posted by Kimmo Laine on 06/18/05 18:27
"Ant" <SPAMBGONE@nospam.com> wrote in message: d91c91$m3$1@wisteria.csv.warwick.ac.uk...
> Hi,
>
> I've just started learning php and I'm having a problem.
> I'm following a tutorial for creating a guestbook with a mysql backend -
> everything is set up correctly.
>
> Here's the relevant code for the page where the user types in their name
> and location (sign.php)
>
> <h2>Sign my guestbook</h2>
> <form action="create_entry.php">
> <b>Name:</b>
> <input type="text" size=40 name=name>
> <br>
> <b>Location:</b>
> <input type="text" size=40 name=location>
>
> What I want is the values stored in name and location to be entered into
> the database.
>
> In create_entry.php I have this code:
> $query = "INSERT INTO guestbook VALUES ('$name', '$location')" ;
>
> Now for some reason the variables name and location are not entered in the
> database, instead blank fields are entered. When I replace the variable
> names with absolute values the database is updated correctly to show those
> values so I know the query works. But somehow the name and location are
> not being sent from sign.php to create_entry.php even though they are
> there and present in the header info
> e.g
>
> http://localhost/create_entry.php?name=John&location=London&submit=Sign
>
> Anyone know what I'm doing wrong, any help much appreciated.

Whatever source you got that example from, it is outdated. Submitted form fields
are no longer available as variables directly, but you need to retrieve them
from arrays $_GET, $_POST or $_REQUEST. To get form field "name", you fetch
it from one of the named arrays: $my_name = $_GET['name']; and $my_location
= $_GET['location'];

Now this works:
$query = "INSERT INTO guestbook VALUES ('$my_name', '$my_location')" ;

You can also use this sort of syntax:
$query = "INSERT INTO guestbook VALUES ('{$_GET['name']}', '{$_GET['location']}')" ;

Whichever is less confusing.

If you're interested in why things were changed so dramatically, you can
read about it at: http://www.php.net/manual/en/security.globals.php , but in
short words: it's for your own safety. When you are using variables from a
restricted array, you absolutely know they are user inputs, and none of your
other variables are. It's a good thing to keep your own variables and
user data separated.
--
"I am pro death penalty. That way people learn
their lesson for the next time." -- Britney Spears
eternal.erectionN0@5P4Mgmail.com
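
Keeping user data separate from your own variables applies to the SQL text as well as to PHP variables. As an added example (not code from this thread or from the tutorial it mentions), the script below contrasts the interpolated INSERT with a PDO prepared statement. Assumptions: the in-memory SQLite database stands in for the MySQL guestbook table so it runs offline, and the `field()` helper and the sample `$input` array are hypothetical names made up for illustration.

```php
<?php
// Added example. Assumes the pdo_sqlite extension; with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE guestbook (name TEXT NOT NULL, location TEXT NOT NULL)');

// Constructed input standing in for $_GET on create_entry.php.
$input = ['name' => "Conan O'Brien", 'location' => 'London'];

// Hypothetical helper: read one request field, rejecting missing,
// non-string, empty or oversized values (the form uses size=40).
function field(array $src, string $key, int $max = 40): string
{
    $v = $src[$key] ?? null;
    if (!is_string($v)) {
        throw new InvalidArgumentException("missing field: $key");
    }
    $v = trim($v);
    if ($v === '' || strlen($v) > $max) {
        throw new InvalidArgumentException("invalid field: $key");
    }
    return $v;
}

// 1) Interpolation as in the thread: the apostrophe in the name ends the
//    SQL string literal early, so user data is parsed as SQL.
try {
    $pdo->exec("INSERT INTO guestbook VALUES ('{$input['name']}', '{$input['location']}')");
    echo "interpolated: inserted\n";
} catch (PDOException $e) {
    echo "interpolated: query broke: ", $e->getMessage(), "\n";
}

// 2) Prepared statement: the SQL text is fixed, values are bound separately.
$stmt = $pdo->prepare('INSERT INTO guestbook (name, location) VALUES (:name, :location)');
$stmt->execute([
    ':name'     => field($input, 'name'),
    ':location' => field($input, 'location'),
]);

foreach ($pdo->query('SELECT name, location FROM guestbook') as $row) {
    // Escape on output too, since guestbook entries are rendered into HTML.
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), ' / ',
         htmlspecialchars($row['location'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

In the real page, `$input` would be `$_GET` (or `$_POST` if the form is switched to `method="post"`).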