Re: [php] passing variables doesn't work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



WILLEMS Wim (BMB) wrote:
Dear all,
I am trying to pass variables from one php-file to another but that
doesn't seem to work. Anyone an idea what I am doing wrong?
The first file shows a dropdown with all the databases on the server
(only 1 for me). You have to select a database and put an SQL query in
the textarea.
Pushing "Execute query!" then calls the second file test2.php which
should put all the variables on the screen (first there was another
routine but that did not work, so I created this simple output to test
the veriables).
<html>
<head>
<title> PHP SQL Code Tester </title>
</head>
<body>
<!--query.php-->
<?php
 $host="localhost";
 $user="some_user";
 $password="some password";
?>
<form action="test2.php" method=post>
Please select the database for the query:<br><br>
<select name=database size=1>
<?php
 $wim = 5; /* this is added to test the passing of the variables -
doesn't work either */
 $link = mysql_connect($host, $user, $password)
       or die(" Cannot connect : " . mysql_error());
 $db_table = mysql_list_dbs();
for ($i = 0; $i < mysql_num_rows($db_table); $i++) {
  echo("<option>" . mysql_tablename($db_table, $i));
 }
?>
</select>
Please input the SQL query to be executed:<br><br>
<textarea name=query cols=50 rows=10></textarea>
<br><br>
<input type=submit value="Execute query!">
</form>
</body>
</html>
This routine which is called with the routine above should print all
variables but it doesn't. Well, the routine itself works but the
variables are empty.
<html>
<head>
<title>PHP SQL code tester</title>
</head>
<body>
<!-- test2.php-->
<?php
 echo "Dit is een test<br>"; 	/* this is printed to the screen */
 echo "$wim";			/* this is NOT printed to the screen */

You're relying on register_globals being on.

That's not going to work in 99% of the cases, it's a security issue.

Instead everything goes into the $_POST array:

echo $_POST['wim'] . "<br/>";

If the form action was "get" instead of "post" it would go into the $_GET array.

You should also read up on sanitizing user input and sql injection.
http://www.phpsec.org/ has quite a few good links on the subject(s).

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux