Possible OT php form processing..
Reindl Harald
h.reindl at thelounge.net
Fri Mar 8 16:44:03 UTC 2013
boah, is there a need for top-posting and destroying threads?
print "Your name $_GET['username'] <br>";
is among the stupidest things one can do
print 'Your name ' . htmlentities($_GET['username']) . ' <br />';
is the ABSOLUTE minimum of sanitizing, and the OP is missing much
more knowledge than that, because register_globals was deprecated
more than 10 years ago for security reasons, and any documentation also
states that unsanitized user input is ALWAYS bad
* $_POST
* $_GET
* $_REQUEST
* $_COOKIES
are NOT trustable, YES $_COOKIES too!
On 08.03.2013 17:34, Néstor wrote:
> Try:
> print "Your name $_GET['username'] <br>";
> print "you live in region: $_GET['region']";
>
> Look at all the examples in
> http://php.net/manual/en/reserved.variables.get.php
>
> Good Luck!!!
>
> On Fri, Mar 8, 2013 at 7:36 AM, Reindl Harald <h.reindl at thelounge.net <mailto:h.reindl at thelounge.net>> wrote:
>
> On 08.03.2013 16:32, Aaron Konstam wrote:
> > I don't know whether it's my ignorance, but I am having a problem with form
> > processing through php. I would like some help. Small example below:
> >
> > form.html ---------
> > <html>
> > <body>
> > <h1> Welcome to ABC Web Page </h1>
> > <form action="formscripts/processForm.php" method="GET">
> > Enter Your Name:
> > <Input type="text" name="username"><br>
> > Where do you live?
> > <input type="text" name="region"><br>
> > <INPUT type="SUBMIT" name="submit" value="submit order" >
> > </form>
> > </body>
> > </html>
> >
> > processForm.php
> > ----------------
> > <html>
> > <body>
> > <h3> Your form is being processed </h3>
> > <?php
> > print "Your name $username <br>";
> > print "you live in region: $region";
> > ?>
> > </body>
> > </html>
> >
> > When I run form.html and click the submit button, processForm.php is run but
> > $username and $region are not transferred. Why is that?
>
> oh my god
>
> * register_globals is dead since years
> * echo unsanitized user input is pure XSS
> * undefined variables are unsexy
> * method GET for forms is bad and insecure for passwords due to history
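The following is an added example, not code from the thread: a rewritten processForm.php for the form.html quoted above that does what Harald's reply asks for. It reads the two fields explicitly from $_GET instead of relying on register_globals, rejects non-scalar values (a field can be turned into an array from the URL), and escapes everything before it is echoed into the HTML. The helper names request_text() and h() are assumptions for this example; htmlspecialchars() with ENT_QUOTES is used in place of the htmlentities() call in the reply, since it escapes the same characters that matter for XSS. The same request_text() helper works unchanged on $_POST or $_COOKIE, which are exactly as untrusted as $_GET.

```php
<?php
// Added example, not from the thread: hardened processForm.php for the quoted form.html.
// Assumes PHP with the mbstring extension (for mb_substr).
declare(strict_types=1);

/**
 * Fetch one text field from an untrusted request array ($_GET, $_POST, $_COOKIE, ...).
 * Returns '' when the field is missing or is not a scalar (a URL such as
 * ?username[]=x turns the field into an array) and truncates it to $maxLen characters.
 */
function request_text(array $source, string $key, int $maxLen = 100): string
{
    if (!isset($source[$key]) || !is_scalar($source[$key])) {
        return '';
    }
    $value = trim((string) $source[$key]);
    return mb_substr($value, 0, $maxLen, 'UTF-8');
}

/** Escape a string for safe use inside an HTML text node or a quoted attribute. */
function h(string $value): string
{
    // ENT_QUOTES escapes both quote styles, ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning an empty string, so a malformed value cannot blank the page.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Explicit lookup replaces the register_globals behaviour the original script expected.
$username = request_text($_GET, 'username');
$region   = request_text($_GET, 'region');

// The original line, kept only as a comment: echoing the raw value lets a crafted
// request inject markup and script into the page shown to the visitor (the "pure XSS"
// the reply refers to).
// print "Your name $username <br>";

header('Content-Type: text/html; charset=UTF-8');
?>
<!DOCTYPE html>
<html>
<body>
<h3>Your form is being processed</h3>
<?php if ($username === '' || $region === ''): ?>
<p>Both fields are required.</p>
<?php else: ?>
<p>Your name: <?= h($username) ?><br>
You live in region: <?= h($region) ?></p>
<?php endif; ?>
</body>
</html>
```

Escaping is applied at the point of output, not when the value is read, because the correct escaping depends on the context the value lands in (HTML body here; a database query or a URL would each need a different encoder). The Content-Type header pins the charset so the browser and htmlspecialchars() agree on how bytes are interpreted.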