PHP Setup & Configuration - HELP!!!

HelloWorld · #1 (**permalink**) 06-26-2007, 11:04 PM

Ok, I have no clue why all of these happen... I really do need help from Gurus in PHP and ASP.NET

I'm not sure to what exactly wrong.. I'm pretty sure that there's nothing wrong with my code, but it doesn't print the name as I expected it's suppose to be...

form.php

PHP Code:

  <html>

<head>

<title>What's your name?</title>

</head>

<body>

<h1>What's your name?</h1>

<h3>Writing a form for user input</h3>

<form method = "post"

      action = "process.php">

Please type your name:

<input type = "text"

       name = "userName"

       value = "">

<br>

<input type = "submit">

 
</form>

</body>

</html>

process.php

PHP Code:

 
<html>

<head>

<title>Hi User</title>

</head>

<body>

<h1>Hi User</h1>

<h3>PHP program that receives a value from "whatsName"</h3>

 
<?php

 
  print "<h3>Hi there, $userName!</h3>";

 
?>

My output:

Code:

Hi User
PHP program that receives a value from "whatsName"
Hi there, !

$userName is suppose to be right after space in front of the coma... I'm not sure why is this happened? In fact, it happened when I tried ASP.NET too in my laptop. (My latop doesn't have XAMPP installed, however, I installed both XAMPP and .NET Framework 2.0 in this PC..) So that shouldn't be a problem right?

I'm dying..............

siLenTz · #2 (**permalink**) 06-26-2007, 11:37 PM

Only register_global is turned on that would allow you to do like this. If the
register_global is turned off, the $userName would not get the data from
the form.php. To solve this you should change your process.php code
to something like this and it will surely work:

PHP Code:

  <?php 
  $userName = $_REQUEST['userName'];
  print "<h3>Hi there, $userName!</h3>"; 
?>

But if you don't like to use $_REQUEST['userName'] everytimes. You can
turn register_global on in php.ini.

From siLenTz
Good luck with your PHP....

siLenTz · #3 (**permalink**) 06-27-2007, 12:18 AM

I forgot to tell you that using register_global is consider as insecure code.
Because register_global will get and declare variable from HTML form
directly, or session... and somethimes it will make you confusing and
messing. Here is simple example that prove that register_global is not
secure. I create an administrator page.

admin.php

PHP Code:

  <?php
   if ($admin) {
      print "you're an administrator";
   } else {
     print "you're not an administrator";   
   }
?>

I could simply using GET action to crack in your code by using this link
admin.php?admin=1. I know this is very simple example and it will never
happen in real time. But just example to know it is unsecure to use
register_global. Much of PHP sever disable it.

From siLenTz
Piece of pizza information...

HelloWorld · #4 (**permalink**) 06-27-2007, 07:29 AM

TESTED and INDEED it works beautifully!!! This is apply even I put the whole code in one form.php right? Unless if I enable the register_global as you said...

siLenTz · #5 (**permalink**) 06-27-2007, 07:37 AM

Let me explain you by examples which is more easy to understad.
If register_global is off the your code would be like this:

Code:

<form method="post" action=".">
   <input type="text" name="userName">
   <input type="submit">
</form>

<?php
   $userName = $_REQUEST['userName'];
   print $userName;
?>

But with register_global turned on you can do like this:

Code:

<form method="post" action=".">
   <input type="text" name="userName">
   <input type="submit">
</form>

<?php
   print $userName;
?>

From siLenTz
Hope you are understand....

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

The Following User Says Thank You to siLenTz For This Useful Post:
HelloWorld (06-27-2007)