I don't know whether its my ignorance but I am having a problem wit form processing through php. I wish some help. Small example below:
form.html --------- <html> <body> <h1> Welcome to ABC Web Page </h1> <form action="formscripts/processForm.php" method="GET"> Enter Your Name: <Input type="text" name="username"><br> Where do you live? <input type="text" name="region"><b> <INPUT type="SUBMIT" name="submit" value="submit order" > </form> </body> </html>
processForm.php ---------------- <html> <body> <h3> Your form is being processed </h3> <?php print "Your name $username <br>"; print "you live iin region: $region"; ?> </body> </html>
When I run form.html and click the submit , processForm.php is run but $username and $region is not transferred. Why is that?
Am 08.03.2013 16:32, schrieb Aaron Konstam:
I don't know whether its my ignorance but I am having a problem wit form processing through php. I wish some help. Small example below:
form.html ---------
<html> <body> <h1> Welcome to ABC Web Page </h1> <form action="formscripts/processForm.php" method="GET"> Enter Your Name: <Input type="text" name="username"><br> Where do you live? <input type="text" name="region"><b> <INPUT type="SUBMIT" name="submit" value="submit order" > </form> </body> </html>
processForm.php ----------------<html> <body> <h3> Your form is being processed </h3> <?php print "Your name $username <br>"; print "you live iin region: $region"; ?> </body> </html>
When I run form.html and click the submit , processForm.php is run but $username and $region is not transferred. Why is that?
oh my god
* register_globals is dead since years * echo unsanitized user input is pure XSS * unedfined variables are unsexy * method GET form forms is bad and insecure for passwords due history
Try: print "Your name $_GET['username'] <br>"; print "you live in region: $_GET['region']";
Look at all the examples in http://php.net/manual/en/reserved.variables.get.php
Good Luck!!!
On Fri, Mar 8, 2013 at 7:36 AM, Reindl Harald h.reindl@thelounge.netwrote:
Am 08.03.2013 16:32, schrieb Aaron Konstam:
I don't know whether its my ignorance but I am having a problem wit form processing through php. I wish some help. Small example below:
form.html ---------<html> <body> <h1> Welcome to ABC Web Page </h1> <form action="formscripts/processForm.php" method="GET"> Enter Your Name: <Input type="text" name="username"><br> Where do you live? <input type="text" name="region"><b> <INPUT type="SUBMIT" name="submit" value="submit order" > </form> </body> </html>
processForm.php ----------------<html> <body> <h3> Your form is being processed </h3> <?php print "Your name $username <br>"; print "you live iin region: $region"; ?> </body> </html>
When I run form.html and click the submit , processForm.php is run but $username and $region is not transferred. Why is that?
oh my god
- register_globals is dead since years
- echo unsanitized user input is pure XSS
- unedfined variables are unsexy
- method GET form forms is bad and insecure for passwords due history
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
boah is there a need for top-posting and destroy threads?
print "Your name $_GET['username'] <br>"; is within one of the stupiedst things one can do
print 'Your name ' . htmlentities($_GET['username']) . ' <br />'; is the ABSOLUTELY minimum of sanitize and the OP has much larger missing knowledge because register_globals was deprectaed more than 10 years ago for security reasons as also any documentation states that unsaitized userinput is ALWAYS bad
* $_POST * $_GET * $_REQUEST * $_COOKIES
are NOT trustable, YES $_COOKIES too!
Am 08.03.2013 17:34, schrieb Néstor:
Try: print "Your name $_GET['username'] <br>"; print "you live in region: $_GET['region']";
Look at all the examples in http://php.net/manual/en/reserved.variables.get.php
Good Luck!!!
On Fri, Mar 8, 2013 at 7:36 AM, Reindl Harald <h.reindl@thelounge.net mailto:h.reindl@thelounge.net> wrote:
Am 08.03.2013 16:32, schrieb Aaron Konstam: > I don't know whether its my ignorance but I am having a problem wit form > processing through php. I wish some help. Small example below: > > form.html --------- > <html> > <body> > <h1> Welcome to ABC Web Page </h1> > <form action="formscripts/processForm.php" method="GET"> > Enter Your Name: > <Input type="text" name="username"><br> > Where do you live? > <input type="text" name="region"><b> > <INPUT type="SUBMIT" name="submit" value="submit order" > > </form> > </body> > </html> > > processForm.php > ---------------- > <html> > <body> > <h3> Your form is being processed </h3> > <?php > print "Your name $username <br>"; > print "you live iin region: $region"; > ?> > </body> > </html> > > When I run form.html and click the submit , processForm.php is run but > $username and $region is not transferred. Why is that? oh my god * register_globals is dead since years * echo unsanitized user input is pure XSS * unedfined variables are unsexy * method GET form forms is bad and insecure for passwords due history
On Fri, 2013-03-08 at 16:36 +0100, Reindl Harald wrote:
Am 08.03.2013 16:32, schrieb Aaron Konstam:
I don't know whether its my ignorance but I am having a problem wit form processing through php. I wish some help. Small example below:
form.html ---------
<html> <body> <h1> Welcome to ABC Web Page </h1> <form action="formscripts/processForm.php" method="GET"> Enter Your Name: <Input type="text" name="username"><br> Where do you live? <input type="text" name="region"><b> <INPUT type="SUBMIT" name="submit" value="submit order" > </form> </body> </html>
processForm.php ----------------<html> <body> <h3> Your form is being processed </h3> <?php print "Your name $username <br>"; print "you live iin region: $region"; ?> </body> </html>
When I run form.html and click the submit , processForm.php is run but $username and $region is not transferred. Why is that?
oh my god
- register_globals is dead since years
- echo unsanitized user input is pure XSS
- unedfined variables are unsexy
- method GET form forms is bad and insecure for passwords due history
I appreciate the replies. I especially appreciated no one replying by saying, you idiot , what you are trying to do has been obsolete for 10 years. Well you ask, and you learn.
-
Aaron Konstam -
Néstor -
Reindl Harald