[Wylug-help] LAMP: form vars not passed to php script

mikeb@gbdirect.co.uk mikeb at gbdirect.co.uk
Wed, 8 Jan 2003 13:19:15 +0000


On Wed, Jan 08, 2003 at 01:03:35PM +0000, Andy Macdonald wrote:
> Thanks to Mike, Gavin & Jason for their comments.
>
> I've now glanced at (is this my problem? I don't really want to learn a
> programming language, I just want to get the computer to do stuff) php.org and
> phpfreaks.com. I have quickly rewritten login.php - but I have still evidently
> missed something somewhere ...
> I gathered that, instead of $foo, I now have to use $_POST('foo'] or
> $_REQUEST['foo'], so I rewrote:
>
> $query = "SELECT userId, userName, userPass from users WHERE userName =
> $_REQUEST['frmuser'] AND userPass = MD5($_REQUEST['frmpass'])";
>
> But still no values come thru, or with $_POST ...

Welcome to the bag of contradictions and ill-thought through features that
PHP proves to be. Sadly, you can't interpolate arrays in strings like that.

You would have to use:
$query = "SELECT userId, userName, userPass from users WHERE
userName =" . $_REQUEST['frmuser'] .
" AND userPass = MD5(" . $_REQUEST['frmpass']. ")"

I.e. doing your own interpolation by string-pasting instead,
at least that's what I believe without actually trying it in
practice.

And have you looked into whether or not magic_quotes is set?
That will affect the values of the variables coming in from the
form - the best tactic there is to enter form data containing
a single or double quote or a backslash and see what values
you get in your PHP - if the data sprouts extra backslashes
then you do indeed have magic_quotes turned on.

Cheers,

Mike