php form submitting empty variables

Question

rori 0 Newbie Poster

16 Years Ago

hi,
i have this code to submit a login form:

<?php
if(!isset($aid)){
?>
you must login:<br>
<form name="form1" method="post" action="<?=$PHP_SELF?>">
  <input type="text" name="aid"><br>
  <input type="password" name="apass><br>
  <input type="submit" name="submit" value=" Login "><br>
</form>
<?php
}
else{
?>
welcome etc...
<?php
}
?>

this code was working fine until something changed on the host server and i think it was register_globals changed from on to off and after that $aid is always empty except if i specifically call it as $_POST.
my question is: is my code above considered a good code, or should i use the $_POST and assign the value to the $aid variable instead of just using $aid directly? because i have many pages that i have to change this in.
i hope my question is clear... and thank you for your time.

php

5 Contributors
5 Replies
253 Views
4 Years Discussion Span
Latest Post 12 Years Ago Latest Post by joelbezerrapinho

Rayhan Muktader 18 Light Poster

16 Years Ago

You must refer to the user inputs as $_POST[aid] and $_POST[apass]. DO NOT refer to them as $aid and $apass (don't even save them as variables if possible). There are many situation where this will come back to bite you in the rear if you do. I will mention the most detrimental one which is called called sql injection. Lets assume that you are saving user data in a sql database and your form page is called rori.com. What do you think you might happen if I typed in something like rori.com?aid=drop+database in the address bar? Your code might pass $aid to the database where it will get executed. You should run some checks on $_POST[aid] and put it into something that does not resemble the variable name $aid then insert it in the database. Just google sql injection if you want a more elaborate explanation.
PS. You should thank whomever turned off global_register on the server so you can't refer to $_POST[aid] as $aid anymore. Then yell at him for ever having it turned on.

mom_of_3 3 Newbie Poster

16 Years Ago

If the register globals are set to off then you are going to have to use $_POST.

<?php
if(!isset($_POST['aid'])){
?>
you must login:<br>
<form name="form1" method="post" action="<? $_SERVER['PHP_SELF']; ?>">
  <input type="text" name="aid"><br>
  <input type="password" name="apass><br>
  <input type="submit" name="submit" value=" Login "><br>
</form>
<?php
}
else{
?>
welcome etc...
<?php
}
?>

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Will Gresham 81 Master Poster · Answer 1 · 2008-05-09T01:21:21+00:00

If the register globals are set to off then you are going to have to use $_POST.

If register globals is on, turn it off, this is possibly the worst function ever, it encourages slack programming and security problems.

rori 0 Newbie Poster · Answer 2 · 2008-05-18T20:59:48+00:00

thanks everyone.
special thanks to Rayhan Muktader for the clear explanation.

joelbezerrapinho 0 Newbie Poster · Answer 3 · 2012-07-31T21:54:27+00:00

Hello,

I tried several outlaws but I log someone could post an example or identify the error

I tried so

<?php echo $_SERVER['PHP_SELF'] ?>
    and <?php var_dump($_SERVER) ?>


____________________________________________________________    


    CODE:


      <?
require("../conn.php");

if(isset($s1))
{
    if(!empty($aid) && !empty($apass))
    {
        $sql = "SELECT * FROM job_admin_login WHERE aid = '$aid' AND apass = '$apass'";
        $result = mysql_query($sql);

        if(mysql_num_rows($result) == '1')
        {
            $_SESSION[AdminID] = $aid;
            header("location:settings.php");
            exit();
        }
    }
}

require("../main.php");

?>

  <html>
  <head>
  <title> Administração Login  </title>
  </head>
  <body><center>
  <br>

<span class=HeaderClass>Administraçao - Login </span>


  <p><form method="post" action="<?=$PHP_SELF?>">

<table class="BlackText">
<tr>
    <td align="right">Admin ID:</td>
    <td> <input type="text" name="aid"></td>
</tr>

<tr>
    <td align="right">Senha:</td>
    <td><input type="password" name="apass"></td>
</tr>

<tr>
    <td colspan="2" align="right"><input type="submit" value="Entrar" style="border-color:black; background-color:white; color:#993300; font-weight:bold" name="s1"></td>
</tr>
<tr>
  <td colspan="2" align="center">  <a href=TNA "forgot.php">Esqueceu sua senha?</a></td></tr>
</table>
  </form></p>
  </center>
  </body>
  </html>

<?php
include_once("../footer.php");
?>

but it still fails

Tanks

Joel