Hello trlists,
Friday, March 12, 2004, 3:56:23 AM, you wrote:
tcc It seems to me that for security one wants both things -- first, to
tcc move only what you need from _POST into the global symbol table, and
tcc second, validate it thoroughly.
Indeed.. roll-on input filters in PHP5 :)
--
Best
To: Mike Mapsnac [EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: R: [PHP] Get nice variables from POST
Date: Thu, 11 Mar 2004 17:30:57 +0100
hi,
why don't you simply use the $_POST vars? they are already available to
you,
so why should you copy them?
example:
function show_function()
{
$query
Try to use
$query = SELECT * FROM user WHERE user_id = $_POST['user_id'];
-Original Message-
From: Mike Mapsnac [mailto:[EMAIL PROTECTED]
Sent: Friday, March 12, 2004 3:40 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [PHP] RE: R: [PHP] Get nice variables from POST
I try to use
= ${_POST['user_id']};
From: Alessandro Vitale [EMAIL PROTECTED]
To: Mike Mapsnac [EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: R: [PHP] Get nice variables from POST
Date: Thu, 11 Mar 2004 17:30:57 +0100
hi,
why don't you simply use the $_POST vars? they are already available to
you,
so why
On 12 Mar 2004 Mike Mapsnac wrote:
I try to use quotes in the query and this doesn't work.
$query = SELECT * FROM user WHERE user_id = '$_POST['user_id']}';
But you use brackets and it works.. Why do you use brackets ?
$query = SELECT * FROM user WHERE user_id = ${_POST['user_id']};
See
On 12 Mar 2004 Richard Davey wrote:
Indeed.. roll-on input filters in PHP5 :)
Hmmm, can't find the docs on those online.
--
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
: Strings
-Messaggio originale-
Da: Mike Mapsnac [mailto:[EMAIL PROTECTED]
Inviato: venerdì 12 marzo 2004 14.40
A: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Oggetto: RE: R: [PHP] Get nice variables from POST
I try to use quotes in the query and this doesn't work.
$query = SELECT * FROM user WHERE
you might think I am an idiot. never mind.
Date: Thu, 11 Mar 2004 14:51:25 +
From: Mike Mapsnac [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [PHP] Get nice variables from POST
I have about 10 fields in the form. And I get the fields through POST:
//Get Variable from the form
:25 +
From: Mike Mapsnac [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [PHP] Get nice variables from POST
I have about 10 fields in the form. And I get the fields through POST:
//Get Variable from the form
$username = $_POST['username'];
$password = $_POST['password
if (is_array($_POST)) {
foreach($_POST as $name => $value) {
${$name} = $value;
}
}
or use this
if (is_array($_POST))
{
extract($_POST);
}
Jaski
I have about 10 fields in the form. And I get the fields through POST:
//Get Variable from the form
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$email = $_POST['email'];
$email2 = $_POST['email2'];
$nickname = $_POST['name'];
$city =
Mike Mapsnac wrote:
I have about 10 fields in the form. And I get the fields through POST:
//Get Variable from the form
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$email = $_POST['email'];
$email2 = $_POST['email2'];
$nickname =
by
$+the_field_name.
- Original Message -
From: Mike Mapsnac [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 11, 2004 9:51 AM
Subject: [PHP] Get nice variables from POST
I have about 10 fields in the form. And I get the fields through POST:
//Get Variable from the form
On 11 Mar 2004 Mike Mapsnac wrote:
I'm looking for nice way to get variables from POST?
Well you can do it easily with extract:
extract($_POST);
This has the same security risks as turning register_globals on, it
allows hackers to set any variable they wish.
A better method might
On 11 Mar 2004 Teren wrote:
If you have register_globals on in your php.ini file, you don't need to do
that. You just automatically have access to all of those variables like
$username and $password etc. Whatever the name is on the field is what the
string will be called and the action script
Thanks.
It looks much nicer :)
From: Marek Kilimajer [EMAIL PROTECTED]
To: Mike Mapsnac [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: [PHP] Get nice variables from POST
Date: Thu, 11 Mar 2004 15:59:07 +0100
Mike Mapsnac wrote:
I have about 10 fields in the form. And I get the fields
On Thu, Mar 11, 2004 at 02:51:25PM +, Mike Mapsnac wrote:
I have about 10 fields in the form. And I get the fields through POST:
//Get Variable from the form
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$email = $_POST['email'];
Does this look nicer?
$fields = array('username', 'password', ...);
foreach($fields as $key) $$key = $_POST[$key];
Hi Marek,
A bit confused...what's the meaning of the double $ for key...or is that a
typo?
Thanks,
-Ryan
Hello Ryan,
Thursday, March 11, 2004, 3:29:32 PM, you wrote:
Does this look nicer?
$fields = array('username', 'password', ...);
foreach($fields as $key) $$key = $_POST[$key];
RA A bit confused...what's the meaning of the double $ for key...or is that a
RA typo?
It creates a variable
Hey Richard,
See Chapter 7 (Variables) of the PHP manual.
I remember reading about variable variables and also remember not
understanding them :-)
Will go through ch.7 again.
Thanks.
Cheers,
-Ryan
code for copying vars )
- you can always identify in your script the variable you are using is the
one that comes from POST
cheers,
alessandro
-Messaggio originale-
Da: Mike Mapsnac [mailto:[EMAIL PROTECTED]
Inviato: giovedì 11 marzo 2004 15.51
A: [EMAIL PROTECTED]
Oggetto: [PHP] Get nice
Mike Mapsnac [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
From: Marek Kilimajer [EMAIL PROTECTED]
$fields = array('username', 'password', ...);
foreach($fields as $key) $$key = $_POST[$key];
Thanks.
It looks much nicer :)
Along the same lines, I've found this helpful when
On 11 Mar 2004 Rob Adams wrote:
Along the same lines, I've found this helpful when inserting into mysql.
foreach($_POST as $key => $val)
$$key = mysql_escape_string($val);
I just wrote a cleanup routine which applies a number of
transformations -- it's called at the start of every page
--- [EMAIL PROTECTED] wrote:
Yes but register_globals carries substantial security risks since a
hacker can then set any script variable they wish merely by POSTing it
back in response to your form.
The risk is no greater than what the original poster wants to do anyway:
$foo =
On 11 Mar 2004 Chris Shiflett wrote:
The risk is no greater than what the original poster wants to do anyway:
$foo = $_POST['foo'];
Whether $foo is created by register_globals being enabled or by the
previous code, there is no difference in risk. The data should still be
considered