Hi,

Friday, November 25, 2005, 10:22:46 PM, you wrote:

Hello everyone, i am running PHP 5 on Windows XP Pro SP2, my $_GET
and $_PST arrays do not seem to be working, I am Sure I am spelling
them right, but i keep getting the errors:

Is this a problem with configuration or is there a bug in PHP, thanks in
advance

If it was a PHP bug I think a few more people may notice it ;)

Try dumping out the values of the arrays, see what they say:

print_r($_GET);
print_r($_PST);

etc

Cheers,

Rich

Well it returned all values with print_r(); but i can't access them
this is what the page returns:

Array ( [Username] =SFF [Password] =dSF [EMail] =sfdf ) Array ( )
*Notice*: Undefined index: Username in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *5*

*Notice*: Undefined index: Password in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *6*

*Notice*: Undefined index: EMail in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *7*

11/25/05, Richard Davey <rich (AT) corephp (DOT) co.ukwrote:

Hi,

Friday, November 25, 2005, 10:22:46 PM, you wrote:

Hello everyone, i am running PHP 5 on Windows XP Pro SP2, my $_GET
and $_PST arrays do not seem to be working, I am Sure I am spelling
them right, but i keep getting the errors:

Is this a problem with configuration or is there a bug in PHP, thanks in
advance

If it was a PHP bug I think a few more people may notice it ;)

Try dumping out the values of the arrays, see what they say:

print_r($_GET);
print_r($_PST);

etc

Cheers,

Rich

In php.ini (most likely located in your windows directory) look for the
globals section and turn register_globals = on

Matt

"Unknown Unknown" <phpinfolist (AT) gmail (DOT) comwrote in message
@mail.gmail.com
Hello everyone, i am running PHP 5 on Windows XP Pro SP2, my $_GET and
$_PST arrays do not seem to be working, I am Sure I am spelling them right,
but i keep getting the errors:
**
*Notice*: Undefined index: Username in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *3*

*Notice*: Undefined index: Password in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *4*

*Notice*: Undefined index: EMail in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *5*

Is this a problem with configuration or is there a bug in PHP, thanks in
advance

Doesn't that cause security problems?

11/25/05, Matt Monaco <mmonaco3 (AT) jhu (DOT) eduwrote:

In php.ini (most likely located in your windows directory) look for the
globals section and turn register_globals = on

Matt
--
"Unknown Unknown" <phpinfolist (AT) gmail (DOT) comwrote in message
@mail.gmail.com
Hello everyone, i am running PHP 5 on Windows XP Pro SP2, my $_GET and
$_PST arrays do not seem to be working, I am Sure I am spelling them
right,
but i keep getting the errors:
**
*Notice*: Undefined index: Username in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *3*

*Notice*: Undefined index: Password in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *4*

*Notice*: Undefined index: EMail in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *5*

Is this a problem with configuration or is there a bug in PHP, thanks in
advance

Hi Unknown,

Friday, November 25, 2005, 10:38:02 PM, you wrote:

Well it returned all values with print_r(); but i can't access
them this is what the page returns:

Post your code, there's an error in it if the $_PST etc arrays are
populated, but you can't access them.

Cheers,

Rich

Hi,
Friday, November 25, 2005, 10:43:20 PM, you wrote:
Doesn't that cause security problems?
Yes.
Post your *whole* code, not just snippets of it.
Cheers,
Rich

Somewhat, but its what you need to do for the post and get arrays to work.
What you need to do is make sure check the values in the global variables
before you use them. For example if on one page you have a form for a user
signup and <input type=text name='userName'on the next page
$_PST['userName'] should be checked for things like quotes and other
characters that will alter your SQL statement before you actually INSERT
that value into your table.

"Unknown Unknown" <phpinfolist (AT) gmail (DOT) comwrote in message
@mail.gmail.com
Doesn't that cause security problems?

11/25/05, Matt Monaco <mmonaco3 (AT) jhu (DOT) eduwrote:

In php.ini (most likely located in your windows directory) look for the
globals section and turn register_globals = on

Matt
--
"Unknown Unknown" <phpinfolist (AT) gmail (DOT) comwrote in message
@mail.gmail.com
Hello everyone, i am running PHP 5 on Windows XP Pro SP2, my $_GET and
$_PST arrays do not seem to be working, I am Sure I am spelling them
right,
but i keep getting the errors:
**
*Notice*: Undefined index: Username in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *3*

*Notice*: Undefined index: Password in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *4*

*Notice*: Undefined index: EMail in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *5*

Is this a problem with configuration or is there a bug in PHP, thanks in
advance

could you give us all source lines, just cut and paste ?
hy

ag.

2005/11/26, Matt Monaco <mmonaco3 (AT) jhu (DOT) edu>:
Somewhat, but its what you need to do for the post and get arrays to work
What you need to do is make sure check the values in the global variables
before you use them. For example if on one page you have a form for a user
signup and <input type=text name='userName'on the next page
$_PST['userName'] should be checked for things like quotes and other
characters that will alter your SQL statement before you actually INSERT
that value into your table.
--
"Unknown Unknown" <phpinfolist (AT) gmail (DOT) comwrote in message
@mail.gmail.com
Doesn't that cause security problems?

11/25/05, Matt Monaco <mmonaco3 (AT) jhu (DOT) eduwrote:

In php.ini (most likely located in your windows directory) look for the
globals section and turn register_globals = on

Matt
--
"Unknown Unknown" <phpinfolist (AT) gmail (DOT) comwrote in message
@mail.gmail.com
Hello everyone, i am running PHP 5 on Windows XP Pro SP2, my $_GET and
$_PST arrays do not seem to be working, I am Sure I am spelling them
right,
but i keep getting the errors:
**
*Notice*: Undefined index: Username in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *3*

*Notice*: Undefined index: Password in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *4*

*Notice*: Undefined index: EMail in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *5*

Is this a problem with configuration or is there a bug in PHP, thanks in
advance

I used SQLyog and it's formated corectly
though when i release it i will do that
Also i have a login script, same same problem i'l see what will work

11/25/05, Matt Monaco <mmonaco3 (AT) jhu (DOT) eduwrote:

Somewhat, but its what you need to do for the post and get arrays to work
What you need to do is make sure check the values in the global variables
before you use them. For example if on one page you have a form for a
user
signup and <input type=text name='userName'on the next page
$_PST['userName'] should be checked for things like quotes and other
characters that will alter your SQL statement before you actually INSERT
that value into your table.
--
"Unknown Unknown" <phpinfolist (AT) gmail (DOT) comwrote in message
@mail.gmail.com
Doesn't that cause security problems?

11/25/05, Matt Monaco <mmonaco3 (AT) jhu (DOT) eduwrote:

In php.ini (most likely located in your windows directory) look for the
globals section and turn register_globals = on

Matt
--
"Unknown Unknown" <phpinfolist (AT) gmail (DOT) comwrote in message
@mail.gmail.com
Hello everyone, i am running PHP 5 on Windows XP Pro SP2, my $_GET and
$_PST arrays do not seem to be working, I am Sure I am spelling them
right,
but i keep getting the errors:
**
*Notice*: Undefined index: Username in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *3*

*Notice*: Undefined index: Password in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *4*

*Notice*: Undefined index: EMail in *
D:\Apache\Apache(re)\Apache2\htdocs\RegisterP.php* on line *5*

Is this a problem with configuration or is there a bug in PHP, thanks in
advance

Matt Monaco wrote:
Somewhat, but its what you need to do for the post and get arrays to work.
<snip>

No. Things like $_PST and $_GET are global arrays and work regardless
of the register_globals setting. The information you're handing out
above is wrong and dangerous.

</snip>
What you need to do is make sure check the values in the global variables
before you use them. For example if on one page you have a form for a user
signup and <input type=text name='userName'on the next page
$_PST['userName'] should be checked for things like quotes and other
characters that will alter your SQL statement before you actually INSERT
that value into your table.

ie they should be sanitized. Things like mysql_real_escape_string() or
adding slashes (depending on your magic_quotes setting) should be done
prior to inserting any data. Also, you should check to ensure that it's
the data you expect; if you only allow usernames to contain
alpha-numeric characters, then you should check for that. Toss is out
if it contains something else.

Best rule of thumb: Never trust user input, regardless of the
register_globals setting.

I apologize, but I've never been able to access $_PST and $_GET in any
context whatsoever without first turning on the register globals.

"John Nichel" <jnichel (AT) by-tor (DOT) comwrote in message
news:4387AC03.1040302 (AT) by-tor (DOT) com
Matt Monaco wrote:
>Somewhat, but its what you need to do for the post and get arrays to
>work.
<snip>

No. Things like $_PST and $_GET are global arrays and work regardless of
the register_globals setting. The information you're handing out above is
wrong and dangerous.

</snip>
>What you need to do is make sure check the values in the global variables
>before you use them. For example if on one page you have a form for a
>user signup and <input type=text name='userName'on the next page
>$_PST['userName'] should be checked for things like quotes and other
>characters that will alter your SQL statement before you actually INSERT
>that value into your table.
>
ie they should be sanitized. Things like mysql_real_escape_string() or
adding slashes (depending on your magic_quotes setting) should be done
prior to inserting any data. Also, you should check to ensure that it's
the data you expect; if you only allow usernames to contain alpha-numeric
characters, then you should check for that. Toss is out if it contains
something else.

Best rule of thumb: Never trust user input, regardless of the
register_globals setting.

Hi Matt,

Saturday, November 26, 2005, 12:42:16 AM, you wrote:

I apologize, but I've never been able to access $_PST and $_GET in
any context whatsoever without first turning on the register
globals.

You have a seriously foobared installation of PHP then! :)

Cheers,

Rich

Matt Monaco wrote:
I apologize, but I've never been able to access $_PST and $_GET in any
context whatsoever without first turning on the register globals.

If you have a form like this one one page

<form action="page2.php" method="post">
<input type="hidden" name="foo" value="bar" />
<input type="submit" />
</form>

And this on page2.php

<?php

echo ( $_PST['foo'] );

?>

And the output on page2.php is not 'bar' when you submit the form,
something is very wrong with your install.

Well, I turned them off and it worked as it apparently should. It was just
a setting I read I had to make for globals to work the first time I install
PHP. I've made that change ever since.
I've always wondered why these variables - which I consider really
important, need to be turned on.

Matt

"John Nichel" <jnichel (AT) by-tor (DOT) comwrote in message
news:4387BE54.1030409 (AT) by-tor (DOT) com
Matt Monaco wrote:
>I apologize, but I've never been able to access $_PST and $_GET in any
>context whatsoever without first turning on the register globals.
>
If you have a form like this one one page

<form action="page2.php" method="post">
<input type="hidden" name="foo" value="bar" />
<input type="submit" />
</form>

And this on page2.php

<?php

echo ( $_PST['foo'] );

?>

And the output on page2.php is not 'bar' when you submit the form,
something is very wrong with your install.

Saturday 26 November 2005 02:45, John Nichel wrote:
If you have a form like this one one page

<form action="page2.php" method="post">
<input type="hidden" name="foo" value="bar" />
<input type="submit" />
</form>

[snip]

Dear John

Please go all the way when providing an example. To prevent errors and
unpredictable behaviour, ALWAYS add encoding to the form tag.

<form action="page2.php" method="post" enctype="multipart/form-data"
name="form1">

Systematically adding names on all your forms may save you many hours of hair
plucking as well ;)

With kind regards

Andy

Saturday 26 November 2005 02:45, John Nichel wrote:
>If you have a form like this one one page
>>
><form action="page2.php" method="post">
><input type="hidden" name="foo" value="bar" />
><input type="submit" />
></form>
>>
[snip]

Dear John

Please go all the way when providing an example. To prevent errors and
unpredictable behaviour, ALWAYS add encoding to the form tag.

<form action="page2.php" method="post" enctype="multipart/form-data"
name="form1">

Systematically adding names on all your forms may save you many hours of
hair
plucking as well ;)

Neither are required. enctype is implied if left out, and name is only
'useful' on the client side. Even the W3C's examples match what I posted.

#h-17.3