Re: Problems with POST method...

<disguised.jedi@xxxxxxxxx> · Sun, 12 Jun 2005 16:49:04 -0600

On 6/12/05, Pablo Hernán Saro <serlinux@xxxxxxxxx> wrote:
> HTML code (the file that contains the form):
> 
>   <form action="file.php" method="post" name="form1" target="_self">
>     <table width="95%" border="0" align="center">
>       <tr>
>         <td width="50%" height="26"><div align="right">Name:
>             <input name="name" type="text" id="name" maxlength="50">
>           </div></td>
>         <td width="50%"><div align="right">Mail:
>             <input name="mail" type="text" id="mail" maxlength="50">
>           </div></td>
>       </tr>
>       <tr>
>         <td> <div align="right">
>             <input name="clear" type="reset" id="clear" value="Clear">
>             <input name="cancel" type="button" id="cancel" value="Cancel"
> onClick="javascript:window.close();">
>           </div></td>
>         <td><div align="right">
>             <input name="ok" type="submit" id="ok" value="Ok">
>           </div></td>
>       </tr>
>     </table>
>   </form>
> 
> PHP code:
> 
> <?php
> if ($name=="" || $mail=="") {
>  echo "<font face='Verdana' size='4' color='red'>You must complete all
> fields.</font>";
> } else {
>  echo "<font face='Verdana' size='4'>All right!</font>";
> }
> ?>
> 
> When I submit the form... CRASH!!
> 
> Thanks
> 
> Pablo Hernán Saro
> LRU #388723
> 
OK...There are a few problems here.  First of all, is
'register_globals' set to 'on' in php.ini?  That is the configuration
setting that tells PHP to fill in all of the POST and GET vars as
regular variables.  This is HUGE security vulnerability, so you
shouldn't use it.  Instead, use this php code.

<?php
if ($_POST['name'] == "" || $_POST['mail'] == "") {
 echo "<font face='Verdana' size='4' color='red'>You must complete all
 fields.</font>";
} else {
 echo "<font face='Verdana' size='4'>All right!</font>";
}
?>

That should work great.  Or you could turn register_globals on and
allow the user to change the value of any variable in your script.

HTH,

-- 
PHP rocks!
"Knowledge is Power.  Power Corrupts.  Go to school, become evil"

Disclaimer: Any disclaimer attached to this message may be ignored. 
However, I must say that the ENTIRE contents of this message are
subject to other's criticism, corrections, and speculations.

This message is Certified Virus Free

-- 
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php