Results 1 to 19 of 19
  1. #1
    Join Date
    May 2007
    Posts
    438

    Cannot use $_POST with register_globals disabled

    This script I am using works flawlessly when globals are on.
    Once I disable, it stops working.

    For one, I cannot figure out how to use $_POST[] with an array, I suspect this may be my problem.

    Some array examples:
    $value[0]
    $value[1]
    $plus[$i]
    $plus[$x]

    (the above arrays are used to write to the database) in this fashion:
    if($values[0] !== ""){
    tep_db_query("INSERT INTO products_attributes (products_id, options_id, options_values_id, options_values_price, price_prefix, attribute_sort) VALUES (" . $pID . ", '" . $values[0] . "', '" . $values[1] . "','". $att_price[$i]. "','". $plus[$i]. "','". $stckamnt[$i]. "')");
    } else {
    $values[2] = "\"" . $values[2] . "\"";
    $values[3] = "\"" . $values[3] . "\"";
    tep_db_query("INSERT INTO products_attributes (products_id, options_id, options_values_id, options_values_price, price_prefix, attribute_sort) VALUES (" . $pID . ", '" . $values[0] . "', '" . $values[1] . "','". $att_price[$i]. "','". $plus[$i]. "','". $stckamnt[$i]. "')");
    }

  2. #2
    Join Date
    Dec 2007
    Location
    Lebanon
    Posts
    413
    the $_POST for example if you have a form that has a text field named "telephone" in the page of the action of the form you put ie.

    Code:
    <input type="text" name="telephone" />
    the action page:
    PHP Code:
    $something=$_POST["telephone"]; 
    or if you are already connected to the db
    PHP Code:
    $something=mysql_real_escape_string($_POST["telephone"]); 

  3. #3
    Join Date
    Jul 2001
    Location
    Glasgow, Scotland
    Posts
    129
    Please read http://uk3.php.net/register_globals for information on register_globals, I'm not quite sure if you understand the purpose of this feature.
    Short and sweet, register_globals you should always use, as it makes an insecure language slightly less insecure. Just learn how to use it and you'll be fine

    $_POST[] is an array...
    My development blog - (un)Interesting codesnippets and the occational code-related rant!

  4. #4
    Join Date
    Dec 2007
    Location
    Lebanon
    Posts
    413
    no language is insecure!!! it is the programmer who writes code that is secure or not!

  5. #5
    Join Date
    Feb 2003
    Location
    AR
    Posts
    2,381
    Quote Originally Posted by the--dud
    Short and sweet, register_globals you should always use
    You are kidding, right? In PHP5, register_globals is deprecated and in PHP6, it's not even an option. You should NEVER depend on register_globals...There's a reason they're taking it out of PHP entirely.

  6. #6
    Join Date
    May 2007
    Posts
    438
    Quote Originally Posted by Codebird View Post
    the $_POST for example if you have a form that has a text field named "telephone" in the page of the action of the form you put ie.

    Code:
    <input type="text" name="telephone" />
    the action page:
    PHP Code:
    $something=$_POST["telephone"]; 
    or if you are already connected to the db
    PHP Code:
    $something=mysql_real_escape_string($_POST["telephone"]); 
    The problem I'm having is with arrays, not plain form inserts.

    register_globals you should always use
    As somebody said above me, php is taking it out of the languyage entirely once 6 is released: http://ca.php.net/register_globals
    This feature has been DEPRECATED and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.

    $_POST[] is an array...
    An array in this fashion, is what I am having trouble with:
    $plus[$x]

    Note that it is not the same as:
    $_POST['variable']


    I actually tried posting by this method:
    $_POST['plus']
    and it gave me either an empty result or 0. (The data should have been populated instead of the 0)

  7. #7
    Join Date
    Feb 2003
    Location
    Canada
    Posts
    958
    It would help to see the corresponding HTML that you are having problems with, but you would just access $_POST as a multidimensional array to access an array from a html form.

    ie.

    $_POST['plus'][$x]

    As stated above, register_globals is _NOT_ the answer.

  8. #8
    Join Date
    Aug 2004
    Location
    Canada
    Posts
    3,582
    Without the html not much we can do. So this bit of code might provide some insight as to what's going on to your html form:

    PHP Code:
    echo '<pre>';
    print_r($_POST);
    echo 
    '</pre>'
    Not sure if you were aware of this function or not.
    Tony B. - Chief Executive Officer
    Hawk Host Inc. Proudly serving websites since 2004
    Quality Shared and VPS Hosting
    PHP 5.3.x & PHP 5.4.x & PHP 5.5.X & PHP 5.6.X & PHP 7.0.X Support!

  9. #9
    Join Date
    May 2007
    Posts
    438
    Here's some html:
    Code:
    <td><input type=\"checkbox\" name=\"attributes[".$i."]\" value=\"" . $options_values['products_options_id'] . "_" . $suboptions_values['products_options_values_id'] . "_" . $prodoptions_values['options_values_price'] . "_" . $prodoptions_values['price_prefix'] . "\"" . $checked . "></td>
    <td><select name=\"plus[".$i."]\"><option value=\"\"><option value=\"+\"". $price_checked_plus .">+<option value=\"-\"". $price_checked_minus .">-</select></td>

  10. #10
    Join Date
    Dec 2002
    Location
    Jackson, MI
    Posts
    1,526
    Do not use or depend on register globals. It can lead to some very insecure code, if you are not careful.

    Please post an example to see what we are working with.

  11. #11
    Join Date
    Dec 2002
    Location
    Jackson, MI
    Posts
    1,526
    So the way you would access that is

    For the checkboxes:

    $_POST['attributes'][$i]

    for the select:

    You cannot have a $_POST['plus'][$i] but I am not sure that + or - is allowed in the value for the options.

    You could also try a print_r($_POST);, so you can actually see what is being sent

  12. #12
    Join Date
    Oct 2002
    Location
    Canada
    Posts
    3,100
    Quote Originally Posted by kcackler View Post
    You are kidding, right? In PHP5, register_globals is deprecated and in PHP6, it's not even an option. You should NEVER depend on register_globals...There's a reason they're taking it out of PHP entirely.
    There is one single reason they are taking out register_globals: sloppy programmers.

    Only way register_globals can have negative effect on application is if you use unsantized input and/or uninitiated variables. Show me "programmer" who does that and I will show you someone who should not be touching programming with 12 foot stick.

    I really have problem with PHP removing useful feature for all the wrong reasons. At the end of day, the same people whose code could be compromised because of register_globals will do stupid things like "include $_POST['page']" or "SET name='{$_POST['name']}'".

  13. #13
    Join Date
    Mar 2004
    Location
    USA
    Posts
    4,342
    PHP Code:
    $_POST['value'][0]
    $_POST['value'][1]
    $_POST['plus'][$i]
    $_POST['plus'][$x
    Peace,
    Testing 1.. Testing 1..2.. Testing 1..2..3...

  14. #14
    Join Date
    Feb 2003
    Location
    AR
    Posts
    2,381
    Quote Originally Posted by sasha
    There is one single reason they are taking out register_globals: sloppy programmers.

    Only way register_globals can have negative effect on application is if you use unsantized input and/or uninitiated variables. Show me "programmer" who does that and I will show you someone who should not be touching programming with 12 foot stick.

    I really have problem with PHP removing useful feature for all the wrong reasons. At the end of day, the same people whose code could be compromised because of register_globals will do stupid things like "include $_POST['page']" or "SET name='{$_POST['name']}'".
    Sasha - Nowhere did I say that register_globals was insecure. I said, pretty clearly, that you shouldn't rely on register_globals being on, because it's deprecated and being removed entirely in PHP 6. Please read my posts before trying to contradict them.

  15. #15
    Join Date
    Oct 2002
    Location
    Canada
    Posts
    3,100
    Quote Originally Posted by kcackler View Post
    Sasha - Nowhere did I say that register_globals was insecure. I said, pretty clearly, that you shouldn't rely on register_globals being on, because it's deprecated and being removed entirely in PHP 6. Please read my posts before trying to contradict them.
    Sorry, maybe I have read too much into your "There's a reason they're taking it out of PHP entirely".

  16. #16
    Join Date
    Feb 2003
    Location
    AR
    Posts
    2,381
    There is a reason. Stupid developers not understanding what they're doing, thereby causing security problems. I think we agree on that point.

  17. #17
    Join Date
    Nov 2003
    Location
    Amidst several dimensions
    Posts
    4,321
    use $_REQUEST instead of $_POST ? or $_SERVER['POST'] .

  18. #18
    If you get stuck with things like this again, just do a print_r($_POST); - youll get a clean output of the arrays structure.

  19. #19
    Join Date
    May 2007
    Posts
    438
    Thanks guys, I'm, still having a bit of trouble.. but after using print_r($_POST);
    ...looks as though my fields are filling?

    [plus] => Array
    (
    [0] =>
    [1] =>
    [2] => +
    [3] =>
    [4] =>
    [5] =>
    [6] =>
    [7] =>
    [8] =>
    [9] =>
    [10] =>
    [11] =>
    [12] =>
    [13] =>
    [14] =>
    [15] =>
    [16] =>
    [17] =>
    [18] =>
    [19] =>
    [20] =>
    [21] =>
    [22] =>
    [23] =>
    [24] =>
    [25] =>
    [26] =>
    [27] =>
    [28] =>
    [29] =>
    [30] =>
    [31] =>
    )

    [att_price] => Array
    (
    [0] =>
    [1] =>
    [2] => 2.95
    [3] =>
    [4] =>
    [5] =>
    [6] =>
    [7] =>
    [8] =>
    [9] =>
    [10] =>
    [11] =>
    [12] =>
    [13] =>
    [14] =>
    [15] =>
    [16] =>
    [17] =>
    [18] =>
    [19] =>
    [20] =>
    [21] =>
    [22] =>
    [23] =>
    [24] =>
    [25] =>
    [26] =>
    [27] =>
    [28] =>
    [29] =>
    [30] =>
    [31] =>
    )

    [stckamnt] => Array
    (
    [0] => 0
    [1] => 1
    [2] => 2
    [3] => 3
    [4] => 4
    [5] => 5
    [6] => 6
    [7] => 7
    [8] => 8
    [9] => 9
    [10] => 10
    [11] => 11
    [12] => 12
    [13] => 13
    [14] => 14
    [15] => 15
    [16] => 16
    [17] => 17
    [18] => 18
    [19] => 19
    [20] => 20
    [21] => 21
    [22] => 22
    [23] => 23
    [24] => 24
    [25] => 25
    [26] => 26
    [27] => 27
    [28] => 24
    [29] => 26
    [30] => 0
    [31] => 0
    )

    [attributes] => Array
    (
    [2] => 1_2__
    [3] => 1_3__
    }
    But they are not saving to the database.
    I am using:
    $attributes = $_POST['attributes'][$i];
    $plus = $_POST['plus'][$i];
    $att_price = $_POST['att_price'][$i];
    $stckamnt = $_POST['stckamnt'][$i];

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •