Receiving form Variables


1 Receiving form Variables
Module 2B Receiving form Variables

2 Register_Globals?
Since PHP 4.2.1, the default PHP configuration requires, for security reasons, a different mechanism to receive input than the one just shown. The REGISTER_GLOBALS option in the php.ini configuration file can be set OFF (the new default) or ON. If your site has REGISTER_GLOBALS OFF, you must use a different mechanism to receive HTML form variables.

3 How can you tell if Register_Globals is OFF?
Enter the following PHP script and run it:
<?php phpinfo(); ?>
Use m06/6-8checkPHPini.php. Search through the output for REGISTER_GLOBALS and see whether it is set to OFF or ON. If it is OFF, you may use the following ways to receive input data.

4 Effects of register_globals
register_globals (boolean): Tells whether or not to register the EGPCS (Environment, GET, POST, Cookie, Server) variables as global variables. For example, if register_globals = on, the url will produce $id. Or, $DOCUMENT_ROOT from $_SERVER['DOCUMENT_ROOT']. User data may clutter your PHP globals and even become a security risk.

5 Why REGISTER_GLOBALS OFF?
Security
<?php
// define $authorized = true only if user is authenticated
if (authenticated_user()) {
    $authorized = true;
}
/* Because we didn't first initialize $authorized as false, this might be
   defined through register_globals, like from GET auth.php?authorized=1
   So, anyone can be seen as authenticated! */
if ($authorized) {
    include "/highly/sensitive/data.php";
}
?>

6 How do we get user variables?
As of PHP 4.2.0, this directive defaults to off. It's preferred to go through PHP Predefined Variables instead, such as the superglobals: $_ENV, $_GET, $_POST, $_COOKIE, and $_SERVER. Read the security chapter on Using register_globals for related information.

7 Getting input data with Register_Globals OFF? Method 1
To receive data with REGISTER_GLOBALS OFF you use a special variable called $_POST:
$name = $_POST['name'];
$name: the PHP variable name that you want to receive the HTML form input.
$_POST: a PHP superglobal. Technically it is an associative array.
'name': the name of the HTML form variable (no $). Enclose it in square brackets and quotes (see next slide).

8 Note on quotes around name
Update on 11/12/2003: You may use single or double quotes around the name of the HTML form variable. The following are both acceptable:
$name = $_POST['name'];
$name = $_POST["name"];

9 When REGISTER_GLOBALS is OFF
Suppose your HTML form uses the following:
Enter address: <input type="text" size="16" maxlength="20" name="address">
Then you can receive the input as follows:
<html>
<head><title> Receiving Input </title> </head>
<body>
<?php
// "address" is a placeholder: the field name is blank in this transcript
$address = $_POST['address']; // Note Single Quote
$contact = $_POST['contact'];
?>
<h2>Thank You: Got Your Input.</h2>
<?php
print ("<br>Your address is $address");
print ("<br> Contact preference is $contact");
?>
</body>
</html>

10 A Full Example ... The previous code can be executed at
and
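
An added example, not part of the original slides: the same receive-and-print step with the server-side checks and output escaping a deployed script needs. The field name `address` is a placeholder (the name is blank in this transcript), the 20-character limit for `contact` is an assumption, and the request array is passed in as a parameter so the constructed samples run from the command line.

```php
<?php
// Added example, not from the slides. In a real handler, pass $_POST.
function receive_form(array $post): array {
    $errors = [];
    $fields = [];
    // Field names and limits: 'address' is a placeholder name; the limit for
    // 'contact' is assumed to match the form's maxlength="20".
    foreach (['address' => 20, 'contact' => 20] as $name => $maxLen) {
        // Reject a missing key or an array value (address[]=x) instead of
        // letting it turn into NULL or the string "Array" later on.
        if (!isset($post[$name]) || !is_string($post[$name])) {
            $errors[] = "missing field: $name";
            continue;
        }
        $value = trim($post[$name]);
        // maxlength in the HTML is only a browser hint; enforce it here.
        if ($value === '' || strlen($value) > $maxLen) {
            $errors[] = "invalid length: $name";
            continue;
        }
        $fields[$name] = $value;
    }
    return [$fields, $errors];
}

function render(array $fields): string {
    // Escape at output time so form input cannot inject markup into the page.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return "<br>Your address is " . $e($fields['address'])
         . "<br> Contact preference is " . $e($fields['contact']);
}

// Constructed sample submissions.
$samples = [
    ['address' => 'a@example.org', 'contact' => 'phone'],
    ['address' => '<b>hi</b>', 'contact' => 'mail'],
    ['address' => ['nested'], 'contact' => 'phone'],
    ['address' => str_repeat('x', 21), 'contact' => 'phone'],
];
foreach ($samples as $post) {
    [$fields, $errors] = receive_form($post);
    echo $errors ? implode('; ', $errors) : render($fields), "\n";
}
```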

11 Method 2
Recommended by PHP to import GET/POST/Cookie variables into the global scope. Use the function:
bool import_request_variables ( string types [, string prefix])
The types parameter specifies which request variables to import, using the characters 'G', 'P' and 'C' for GET, POST and Cookie respectively. Order matters: if types == "gp", POST variables overwrite GET variables.

12 Method 2: import_request_variables
bool import_request_variables ( string types [, string prefix])
The prefix parameter is used as a variable name prefix, prepended to the name of every variable imported into the global scope. So if you have a GET value named "userid" and provide the prefix "pref_", you'll get a global variable named $pref_userid.
Reference:

13
<html>
<head><title> Receiving Input </title> </head>
<body>
<font size=5>Thank You: Got Your Input.</font>
<?php
/* The following is recommended by php to handle GET/POST/Cookie
   variables into the global scope. Reference: */
import_request_variables("gp", "form27_");
// "address" is a placeholder: the field name is blank in this transcript
print ("<br>Your address is $form27_address");
print ("<br> Contact preference is $form27_contact");
?>
</body>
</html>

14 Full Example The previous code can be executed at
and

15 Third way
If the HTML form uses post:
<form method = "post" action = "form.php">
Use in form.php:
extract( $_POST );
Example: Fig_23_12_13 of textbook
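
An added example, not part of the original slides, covering both the uninitialized `$authorized` flag on slide 5 and `extract( $_POST )` above: a bare extract() lets a request key set the flag exactly as register_globals did, and three ways to prevent that. register_globals and import_request_variables() were removed in PHP 5.4, so extract() reproduces the behaviour here; `$request` is a constructed stand-in for `$_POST` and `authenticated_user()` is a stub that always denies.

```php
<?php
// Added example, not from the slides.
function authenticated_user(): bool { return false; }  // stub: always denies

// Vulnerable: every request key becomes a variable, as with register_globals
// ON, import_request_variables() with no prefix, or a bare extract($_POST).
function check_vulnerable(array $request): bool {
    extract($request);            // 'authorized' => '1' creates $authorized
    if (authenticated_user()) {
        $authorized = true;
    }
    return !empty($authorized);   // the script itself never initialized it
}

// Fix 1: initialize the flag after any import so input cannot pre-set it.
function check_initialized(array $request): bool {
    extract($request);
    $authorized = false;
    if (authenticated_user()) {
        $authorized = true;
    }
    return $authorized;
}

// Fix 2: keep extract() but force a prefix on every key, the same idea as
// the prefix argument of import_request_variables(): $form_authorized.
function check_prefixed(array $request): bool {
    extract($request, EXTR_PREFIX_ALL, 'form');
    $authorized = authenticated_user();
    return $authorized;
}

// Fix 3: no bulk import; read only the keys the form is known to send.
function check_explicit(array $request): bool {
    $contact = isset($request['contact']) ? (string) $request['contact'] : '';
    return authenticated_user();
}

$request = ['contact' => 'phone', 'authorized' => '1'];  // constructed input
foreach (['check_vulnerable', 'check_initialized',
          'check_prefixed', 'check_explicit'] as $check) {
    printf("%-18s authorized=%s\n", $check, var_export($check($request), true));
}
```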

16 Summary
PHP supports both numeric and string variables. String variables use different methods for value manipulation (for example, concatenation) than numeric variables do.

17 Summary
Use HTML forms to pass data to PHP scripts. HTML form elements include text boxes, text areas, password boxes, check boxes, radio buttons, and selection lists. PHP scripts can receive form element input values by using a PHP variable name that matches the one specified in the form element's name argument. If REGISTER_GLOBALS is off in your installation, you must get input data using $_POST["var_name"];

