Development Started PHP4

Well i just started learning PHP4, but the first files didn't work, although they didn't seem to have anything wrong...

So here is the source code of text.html:

<HTML>
<HEAD></HEAD>
<BODY>
<FORM METHOD=GET ACTION="text.php">
Who is your favourite author?
<INPUT NAME="Author" TYPE="TEXT">
<BR>
<BR>
<INPUT TYPE=SUBMIT>
</FORM>
</BODY>
</HTML>

Ande here is text.php:

<HTML>
<HEAD></HEAD>
<BODY>
Your favorite author is:
<?php
echo $Author;
?>
</BODY>
</HTML>

What's wrong here?

 

For a while now, php's 'register globals' setting has by default been set to OFF for security and various other reasons (to try to make people code better, and to make them think about how they want variables to be assigned).
This means that variables sent by URLs or forms have to be accessed in a different way.

You would now have to use $_GET[Author] instead of $Author in text.php.

Likewise if you were using the POST method (which is preferable to GET), you would have to use $_POST[Author].

Coding using $_POST, $_GET, $_REQUEST etc and with register_globals off is much better than just using $var

Hope this helps

 

Also, if you don't like using the $_GET/POST/SESSION variables... you can use: extract($_GET) and it will put all the [variables] into $variables as you like to use it.

So if you want to use a lot of variables from a form in the future, use: extract($_POST);
thus giving you the $author, and other $variables you like using

Just another one of those PHP hints.. register globals sux

 

I disagree. It forces you to think about how your variables are going to be designed, and makes it a lot easier to debug your scripts 6 months down the line. I used to hate register_globals set to off, now I wouldnt think NOT to use GET/POST/REQUEST -- its the best way

 

Agreed. Much more precise and more secure.

 

Just a note about good programming practice.

Use

$_GET['foo']

as opposed to

$_GET[foo]

(note the inverted commas).

 

''s cause prioblems in mySQL queries and other strings, so why bother?

 

I often have problems with parse errors when using them in mysql commands. I was wondering how to get round that actually. To be honest, that is the proper way to do it (with 's), so that's the way it should be done. There has to be official standards that programmers adhere to rather than taking shortcuts.

 

I said in my post, it's good programming practice. If we're going down that road, why bother keeping register_globals on when turning it off can be a bit easier and save you a good few seconds?

(btw, there's no extra ' in 's. Just pointing that out since it can make things a bit confusing ).

PHP:

$query = "SELECT * FROM content WHERE title='$foo['bar']' LIMIT 1"

If that's giving you problems, it is so simple to just do

PHP:

$query = "SELECT * FROM content WHERE title='".$foo['bar']."' LIMIT 1"

voila, problem solved.

 

Ah, excellent. Thank you.

 

There is sod all difference between &_GET[blah] and $_GET['blah'] - the difference between register_globals on and off is huge...

 

ffs RTT, there really is no need to start being childish about it. I can only assume you'd still be PMing me asking for help, had I not pissed you off about something....

 

I'm sorry?

I am only questioning your logic... my apologies if I came across as being arrogant. My point was that it still works identically and won't post any problems for anyone unfamiliar with the method below which you correctly pointed out.

->

Code:

$query = "SELECT * FROM content WHERE title='".$foo['bar']."' LIMIT 1"