[Wylug-help] LAMP: form vars not passed to php script

Andy Macdonald andy at greenhead.ac.uk
Wed, 08 Jan 2003 13:03:35 GMT


Thanks to Mike, Gavin & Jason for their comments.

I've now glanced at (is this my problem? I don't really want to learn a
programming language, I just want to get the computer to do stuff) php.org and
phpfreaks.com. I have quickly rewritten login.php - but I have still evidently
missed something somewhere ...
I gathered that, instead of $foo, I now have to use $_POST('foo'] or
$_REQUEST['foo'], so I rewrote:

$query = "SELECT userId, userName, userPass from users WHERE userName =
$_REQUEST['frmuser'] AND userPass = MD5($_REQUEST['frmpass'])";

But still no values come thru, or with $_POST ...

On Wed, 08 Jan, mikeb@gbdirect.co.uk
 wrote:
> On Wed, Jan 08, 2003 at 09:49:55AM +0000, Andy Macdonald wrote:
> > I wrote a little app using LAMP which works OK and then built a faster
> machine
> > to run it on: RedHat 7.1, Apache 1.3.27, MySQL 3.23.54a, PHP 4.3.0
> > (I also installed OpenSSL 0.9.7 and ModSSL 2.8.12).
> >
> > I copied all the scripts over and exported and imported the SQL data, but
> they
> > didn't work. Initially this was because I hadn't set up the MySQL user I
was
> > using to access the data in the PHP script, but now I've fixed that and I
> find
> > that form variables (userid, pwd) from my initial html form don't get
> through
> > to the 'action' script - login.php ??
> >
> > MIME types in httpd.conf -
> >     AddType application/x-httpd-php .php
> >     AddType application/x-httpd-php-source .phps
> >     AddType application/x-tar .tgz
> >
> > Can anyone point out my simple blunder?
>
> You probably don't have register_globals set in your php.ini file.
> That's what causes things like <input name=fred> appear in PHP scripts
> as the variable $fred.
>
> It is now off by default because it's a significant security risk. With
> versions of PHP above 4.1 (if I remember aright) you have to use arrays
> like _REQUEST['fred'] instead. It's a bugger because it breaks tons of
> existing code, but you can see why when you read the security advisories.
>
> Mike
>

--
Andy Macdonald
Network Manager, Greenhead College
Huddersfield, HD1 4ES, England.
Tel: 01484 422032
Mobile: 07932 635057
See award winning web site:
http://www.greenhead.ac.uk