Possible OT php form processing..

Reindl Harald h.reindl at thelounge.net
Fri Mar 8 16:44:03 UTC 2013


boah, is there a need for top-posting and destroying threads?

print "Your name $_GET['username'] <br>";
is among the stupidest things one can do

print 'Your name ' . htmlentities($_GET['username']) . ' <br />';
is the ABSOLUTE minimum of sanitizing, and the OP has much
larger gaps in knowledge, because register_globals was deprecated
more than 10 years ago for security reasons, and every piece of documentation
states that unsanitized user input is ALWAYS bad

* $_POST
* $_GET
* $_REQUEST
* $_COOKIES

are NOT trustworthy, YES $_COOKIES too!


On 08.03.2013 17:34, Néstor wrote:
> Try:
> print "Your name $_GET['username'] <br>";
> print "you live in region: $_GET['region']";
> 
> Look at all the examples in
> http://php.net/manual/en/reserved.variables.get.php
> 
> Good Luck!!!
> 
> On Fri, Mar 8, 2013 at 7:36 AM, Reindl Harald <h.reindl at thelounge.net <mailto:h.reindl at thelounge.net>> wrote:
> 
>     On 08.03.2013 16:32, Aaron Konstam wrote:
>     > I don't know whether it's my ignorance, but I am having a problem with form
>     > processing through php. I would like some help. Small example below:
>     >
>     >       form.html        ---------
>     > <html>
>     > <body>
>     > <h1> Welcome to ABC Web Page </h1>
>     > <form action="formscripts/processForm.php" method="GET">
>     > Enter Your Name:
>     > <Input type="text" name="username"><br>
>     > Where do you live?
>     > <input type="text" name="region"><br>
>     > <INPUT type="SUBMIT" name="submit" value="submit order" >
>     > </form>
>     > </body>
>     > </html>
>     >
>     >         processForm.php
>     >         ----------------
>     > <html>
>     > <body>
>     >  <h3> Your form is being processed </h3>
>     > <?php
>     > print "Your name $username <br>";
>     > print "you live in region: $region";
>     > ?>
>     > </body>
>     > </html>
>     >
>     > When I run form.html and click the submit , processForm.php is run but
>     > $username and $region is not transferred. Why is that?
> 
>     oh my god
> 
>     * register_globals is dead since years
>     * echo unsanitized user input is pure XSS
>     * undefined variables are unsexy
>     * method GET for forms is bad and insecure for passwords due to history
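The three points Reindl raises (read the fields explicitly from the request instead of relying on register_globals, escape before echoing into HTML, and do not carry form data in a GET URL) as one rewritten processForm.php. This is an added example, not code from the original thread or from any of its posters. It keeps the field names "username" and "region" from the OP's form.html; the helper names read_field() and e(), the length cap, the use of htmlspecialchars() in place of the htmlentities() call Reindl suggests (both escape the characters that matter for XSS), and the dependency on the mbstring extension are all assumptions of this example.

```php
<?php
// processForm.php, hardened version (added example, not from the original thread).
// Field names "username" and "region" come from the OP's form.html; the
// helpers, the length cap and the mbstring dependency are assumptions.
declare(strict_types=1);

// Read one text field from the request array. Returns '' when the field is
// absent and rejects anything that is not a plain string (e.g. username[]=x,
// which PHP would otherwise hand us as an array).
function read_field(array $src, string $name, int $maxLen = 100): string
{
    if (!isset($src[$name]) || !is_string($src[$name])) {
        return '';
    }
    $v = trim($src[$name]);
    // Bound the length; the client controls it otherwise.
    return mb_substr($v, 0, $maxLen, 'UTF-8');
}

// Escape for insertion into an HTML element body or a double-quoted
// attribute. ENT_QUOTES also escapes single quotes, ENT_SUBSTITUTE replaces
// invalid byte sequences instead of returning '', and the charset must match
// the one the page declares, or mismatched encodings can slip characters past
// the escaper.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Build the response body. Untrusted values only ever reach the markup via e().
function render(array $src): string
{
    $username = read_field($src, 'username');
    $region   = read_field($src, 'region');

    return "<!DOCTYPE html>\n<html><head><meta charset=\"utf-8\"></head><body>\n"
        . "<h3>Your form is being processed</h3>\n"
        . '<p>Your name: ' . e($username) . "<br>\n"
        . 'you live in region: ' . e($region) . "</p>\n"
        . "</body></html>\n";
}

// Offline self-check: render() must neutralise a constructed XSS payload.
function self_check(): bool
{
    $payload = [
        'username' => '<script>alert(1)</script>',          // constructed payload
        'region'   => 'x" onmouseover="alert(2)',           // constructed payload
        'submit'   => ['not', 'a', 'string'],               // array smuggled as a field
    ];
    $html = render($payload);
    return strpos($html, '<script>') === false
        && strpos($html, 'onmouseover="') === false
        && strpos($html, '&lt;script&gt;alert(1)&lt;/script&gt;') !== false;
}

if (PHP_SAPI === 'cli') {
    // `php processForm.php` runs the self-check instead of serving a page.
    if (!self_check()) {
        fwrite(STDERR, "self-check failed\n");
        exit(1);
    }
    echo render(['username' => '<script>alert(1)</script>', 'region' => 'Texas']);
} else {
    header('Content-Type: text/html; charset=utf-8');
    // The form should submit with method="POST"; with GET the values would end
    // up in browser history and in the server access log.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('Use POST');
    }
    echo render($_POST);
}
```

The corresponding change to form.html is `method="POST"` on the form element; processForm.php then refuses GET outright rather than silently accepting data from either channel via $_REQUEST. Run it on the command line to see the escaped output for the constructed payload.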

