[PHP] Re: HTTP_POST_VARS empty!
Vincent M. wrote:
Vincent M. wrote:
Hello,
I don't understand this code empty my HTTP_POST_VARS variable:
if ((get_magic_quotes_gpc() == 1)) {
switch ($REQUEST_METHOD) {
case POST:
while (list ($key, $val) = each ($HTTP_POST_VARS)) {
$$key = stripslashes($val);
}
break;
case GET:
while (list ($key, $val) = each ($HTTP_GET_VARS)) {
$$key = stripslashes($val);
}
break;
}
}
This script is usefull to simulate get_magic_quotes_gpc to 0 but if I
do it it empty my HTTP_POST_VARS and this code does not work:
while(list ($key, $val) = each($HTTP_POST_VARS)) {
echo $key = $valbr;
}
echo Here we are...!!!... ;
It displays, Here we are...!!!... but nothing at all for $key and
for $val
How should I do to simulate get_magic_quotes_gpc to 0 without emptying
HTTP_POST_VARS ?
Thanks,
Vincent.
PS: If I delete the code ...(get_magic_quotes_gpc() == 1)...it works...
ok,
It seems to empty the HTTP_POST_VAR variable when we parse it with
while(list ($key, $val) = each($HTTP_POST_VARS)) {
...
}
So I can't do this while 2 times :-( and I need to do it several times!
Does anyone know how to parse $HTTP_POST_VARS whithout emptying this
variable ?
Thanks.
ok, reset($HTTP_POST_VARS) is my friend ;-)
++
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: HTTP_POST_VARS truncated
In article GNLT20$[EMAIL PROTECTED],
[EMAIL PROTECTED] (Mweb) wrote:
foreach (var, key) in HTTP POST VARS {
print VAR: $var KEY = $key
}
It works, (meaning that php code is correct, html output is displayed,
and no error are reported) but only prints three lines, i.e. the two select
fields are missing.
One or more options in each select field are selected, right? Fields
having no values (such as unchecked radio buttons, etc.) don't get passed.
--
CC
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: HTTP_POST_VARS truncated
One or more options in each select field are selected, right? Fields having no values (such as unchecked radio buttons, etc.) don't get passed. Yes, I know empty values are not passed, and, yes, the options were selected (I tried with different values because I started thinking I was having some browser cache problem: other variable were always printed with the latest value, except the select ones) mweb -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: HTTP_POST_VARS truncated
In article GNMDDQ$[EMAIL PROTECTED], [EMAIL PROTECTED] (Mweb) wrote: One or more options in each select field are selected, right? Fields having no values (such as unchecked radio buttons, etc.) don't get passed. Yes, I know empty values are not passed, and, yes, the options were selected (I tried with different values because I started thinking I was having some browser cache problem: other variable were always printed with the latest value, except the select ones) Hmm. Have you validated the HTML too? Maybe there's some subtle syntactical error that's preventing the select values from being passed...?? When you var_dump($HTTP_POST_VARS) or print_r($HTTP_POST_VARS), the selects aren't showing there, either, I assume... -- CC -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: HTTP_POST_VARS and eval?
Henrik,
I think your problem is jsimply that you are not getting variable substitution
of $HTTP_GET_VARS[whatever] inside double quotes.
print whatever is $HTTP_GET_VARS[whatever];
is not safe.
You need
print whatever is {$HTTP_GET_VARS[whatever]};
or, (IMHO better),
print 'whatever is '.$HTTP_GET_VARS[whatever];
The fact that you are actually evaluating an assignment is I think irrelevant, it's
just the
variable substitution that's failing. See the variable parsing section of
http://www.php.net/manual/en/language.types.string.php
George
Henrik Hudson wrote:
Hey List-
Working on a program and I seem to have run into a problem with
HTTP_POST_VARS. Are the HTTP_VARS considered special?
Here is what I am doing, reading in from a file into an array and then
grabbing each line and looking for ]string[ and replacing that with
$HTTP_POST_VARS[string]
The first echo prints out the lines correctly, but the echo after the eval
prints out the same lines. My error log shows this:
PHP Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING' in
/data/www/webpages/test.rhavenn.net/public_html/formmail/formmail.php(164) :
eval()'d code on line 1
So, its having problems doing an eval on the HTTP_POST? If I replace the
HTTP_POST stuff with just$\\1 and then define $string =
$HTTP_POST_VARS[string] it works just fine, but I can't do this since I
don't know what string is going to be, just that it is between ] [ chars and
there can be multiple ] [ on one line.
Any thoughts? Code is below.
//Read the array
$form_data = ;
for($i=0; $i count($filearr); $i++){
$line = $filearr[$i];
//Strip the ] [ from around the variables so they will be interpreted
$line = eregi_replace(\]([^\[]+)\[, \$HTTP_POST_VARS['\\1'],
$line);
echo Line: $lineBR;
//eval the variables from $line into themselves and they become
literal
eval (\$line = \$line\;);
echo Lineafterwards: $lineBR\n;
//Write the line back into a single variable
$form_data = $form_data . $line;
}
exit;
Thanks!
Henrik
--
Henrik Hudson
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: HTTP_POST_VARS and eval?
Thanks. It actually turned out that I wanted to do just:
$HTTP_POST_VARS[\\1]
in the regex (ie: removing the quotes entirely inside the array)
and it works just fine. Thanks for the info however.
On Friday 16 November 2001 09:37, George Whiffen wrote:
Henrik,
I think your problem is jsimply that you are not getting variable
substitution of $HTTP_GET_VARS[whatever] inside double quotes.
print whatever is $HTTP_GET_VARS[whatever];
is not safe.
You need
print whatever is {$HTTP_GET_VARS[whatever]};
or, (IMHO better),
print 'whatever is '.$HTTP_GET_VARS[whatever];
The fact that you are actually evaluating an assignment is I think
irrelevant, it's just the variable substitution that's failing. See the
variable parsing section of
http://www.php.net/manual/en/language.types.string.php
George
Henrik Hudson wrote:
Hey List-
Working on a program and I seem to have run into a problem with
HTTP_POST_VARS. Are the HTTP_VARS considered special?
Here is what I am doing, reading in from a file into an array and then
grabbing each line and looking for ]string[ and replacing that with
$HTTP_POST_VARS[string]
The first echo prints out the lines correctly, but the echo after the
eval prints out the same lines. My error log shows this:
PHP Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
`T_NUM_STRING' in
/data/www/webpages/test.rhavenn.net/public_html/formmail/formmail.php(164
) : eval()'d code on line 1
So, its having problems doing an eval on the HTTP_POST? If I replace the
HTTP_POST stuff with just$\\1 and then define $string =
$HTTP_POST_VARS[string] it works just fine, but I can't do this since I
don't know what string is going to be, just that it is between ] [ chars
and there can be multiple ] [ on one line.
Any thoughts? Code is below.
//Read the array
$form_data = ;
for($i=0; $i count($filearr); $i++){
$line = $filearr[$i];
//Strip the ] [ from around the variables so they will be
interpreted $line = eregi_replace(\]([^\[]+)\[,
\$HTTP_POST_VARS['\\1'], $line);
echo Line: $lineBR;
//eval the variables from $line into themselves and they become
literal
eval (\$line = \$line\;);
echo Lineafterwards: $lineBR\n;
//Write the line back into a single variable
$form_data = $form_data . $line;
}
exit;
Thanks!
Henrik
--
Henrik Hudson
[EMAIL PROTECTED]
--
Henrik Hudson
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: HTTP_POST_VARS and eval?
Henrik Hudson wrote:
So, its having problems doing an eval on the HTTP_POST? If I replace the
HTTP_POST stuff with just$\\1 and then define $string =
$HTTP_POST_VARS[string] it works just fine, but I can't do this since I
don't know what string is going to be, just that it is between ] [ chars
and
there can be multiple ] [ on one line.
Any thoughts? Code is below.
//Read the array
$form_data = ;
for($i=0; $i count($filearr); $i++){
$line = $filearr[$i];
//Strip the ] [ from around the variables so they will be
interpreted $line = eregi_replace(\]([^\[]+)\[,
\$HTTP_POST_VARS['\\1'],
$line);
echo Line: $lineBR;
//eval the variables from $line into themselves and they become
literal
eval (\$line = \$line\;);
echo Lineafterwards: $lineBR\n;
//Write the line back into a single variable
$form_data = $form_data . $line;
}
exit;
Show use the output, espeically the debugging output of what the lines say
that you are trying to eval
--
Like music? http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: HTTP_POST_VARS and eval?
Thanks for the help on this.
The file it's reading in:
-
An example form has been submitted.
Name: ]name[
Email: ]email[
The user made the following comments:
]comments[
Just in case we forget, the users name is ]name[ and their email is ]email[
--
The output of the code:
---
Line: An example form has been submitted.
Lineafterwards: An example form has been submitted.
Line:
Lineafterwards:
Line: Name: $HTTP_POST_VARS[name]
Lineafterwards: Name: $HTTP_POST_VARS[name]
Line: Email: $HTTP_POST_VARS[email]
Lineafterwards: Email: $HTTP_POST_VARS[email]
Line:
Lineafterwards:
Line:
Lineafterwards:
Line: The user made the following comments:
Lineafterwards: The user made the following comments:
Line: $HTTP_POST_VARS[comments]
Lineafterwards: $HTTP_POST_VARS[comments]
Line:
Lineafterwards:
Line:
Lineafterwards:
Line:
Lineafterwards:
Line: Just in case we forget, the users name is $HTTP_POST_VARS[name] and
their email is $HTTP_POST_VARS[email]
Lineafterwards: Just in case we forget, the users name is
$HTTP_POST_VARS[name] and their email is $HTTP_POST_VARS[email]
-
On Thursday 15 November 2001 18:20, Richard Lynch wrote:
Henrik Hudson wrote:
So, its having problems doing an eval on the HTTP_POST? If I replace the
HTTP_POST stuff with just$\\1 and then define $string =
$HTTP_POST_VARS[string] it works just fine, but I can't do this since I
don't know what string is going to be, just that it is between ] [ chars
and
there can be multiple ] [ on one line.
Any thoughts? Code is below.
//Read the array
$form_data = ;
for($i=0; $i count($filearr); $i++){
$line = $filearr[$i];
//Strip the ] [ from around the variables so they will be
interpreted $line = eregi_replace(\]([^\[]+)\[,
\$HTTP_POST_VARS['\\1'],
$line);
echo Line: $lineBR;
//eval the variables from $line into themselves and they become
literal
eval (\$line = \$line\;);
echo Lineafterwards: $lineBR\n;
//Write the line back into a single variable
$form_data = $form_data . $line;
}
exit;
Show use the output, espeically the debugging output of what the lines say
that you are trying to eval
--
Henrik Hudson
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: $HTTP_POST_VARS
In article NFBBJAAIJKFHONHEEJJDAEEBCFAA.jk@intern, [EMAIL PROTECTED] (Jochen Kaechelin) wrote: Is this a secure way to check if some data comes from a form-field of the previous page, No. But as long as the user submits all of the necessary data, and the data passes your validation checks, what does it matter where they submitted the data from? You could check the Referer value, if one has been set, for a little more assurance that it was posted from your page, but relying on the accuracy (or presence!) of Referer should not be considered secure either. If passing data securely from one page on your site to another is important, maybe SSL is what you need. or ist it possible to fill it without submitting a form? Yes, a POST request can be submitted without using a form. -- CC -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
