Re: Possible OT php form processing..

boah, is there a need for top-posting and destroying threads?

print "Your name {$_GET['username']} <br>";
is one of the stupidest things one can do

print 'Your name ' . htmlentities($_GET['username']) . ' <br />';
is the ABSOLUTE minimum of sanitizing and the OP has much
larger missing knowledge because register_globals was deprecated
more than 10 years ago for security reasons, as also any documentation
states that unsanitized user input is ALWAYS bad

* $_POST
* $_GET
* $_REQUEST
* $_COOKIE

are NOT trustable, YES $_COOKIE too!


On 08.03.2013 17:34, Néstor wrote:
> Try:
> print "Your name {$_GET['username']} <br>";
> print "you live in region: {$_GET['region']}";
> 
> Look at all the examples in
> http://php.net/manual/en/reserved.variables.get.php
> 
> Good Luck!!!
> 
> On Fri, Mar 8, 2013 at 7:36 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
> 
>     On 08.03.2013 16:32, Aaron Konstam wrote:
>     > I don't know whether it's my ignorance but I am having a problem with form
>     > processing through php. I wish some help. Small example below:
>     >
>     >         form.html
>     >         ---------
>     > <html>
>     > <body>
>     > <h1> Welcome to ABC Web Page </h1>
>     > <form action="formscripts/processForm.php" method="GET">
>     > Enter Your Name:
>     > <Input type="text" name="username"><br>
>     > Where do you live?
>     > <input type="text" name="region"><br>
>     > <INPUT type="SUBMIT" name="submit" value="submit order" >
>     > </form>
>     > </body>
>     > </html>
>     >
>     >         processForm.php
>     >         ----------------
>     > <html>
>     > <body>
>     >  <h3> Your form is being processed </h3>
>     > <?php
>     > print "Your name $username <br>";
>     > print "you live iin region: $region";
>     > ?>
>     > </body>
>     > </html>
>     >
>     > When I run form.html and click the submit , processForm.php is run but
>     > $username and $region is not transferred. Why is that?
> 
>     oh my god
> 
>     * register_globals has been dead for years
>     * echoing unsanitized user input is pure XSS
>     * undefined variables are unsexy
>     * method GET for forms is bad and insecure for passwords due to history
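
As an added example (not code from any poster in this thread), here is a version of the processForm.php output logic that reads the two fields explicitly instead of relying on register_globals, rejects missing or non-string values, and escapes at output time. It uses htmlspecialchars with ENT_QUOTES where the reply above uses htmlentities; the helper names `field`, `e` and `render`, the 64-byte length limit and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Read one form field from a request array such as $_GET.
// Returns null when the field is missing, is not a string
// (e.g. ?username[]=x arrives as an array), is empty, or is too long.
function field(array $src, string $key, int $maxLen = 64): ?string
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null;
    }
    $value = trim($src[$key]);
    if ($value === '' || strlen($value) > $maxLen) {
        return null;
    }
    return $value;
}

// Escape for an HTML text or quoted-attribute context, at output time.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the body of processForm.php from an explicit request array.
// In the real page this would be called as render($_GET).
function render(array $request): string
{
    $username = field($request, 'username');
    $region   = field($request, 'region');
    if ($username === null || $region === null) {
        return "<p>Please fill in both fields.</p>\n";
    }
    return 'Your name ' . e($username) . " <br>\n"
         . 'you live in region: ' . e($region) . "\n";
}

// Constructed sample requests standing in for $_GET.
$samples = [
    ['username' => 'Alice', 'region' => 'Ohio'],
    ['username' => '<script>alert(1)</script>', 'region' => 'x'], // markup in input
    ['username' => ['nested'], 'region' => 'x'],                  // array, not string
    ['region' => 'x'],                                            // field missing
];
foreach ($samples as $request) {
    echo render($request), "---\n";
}
```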


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org