NOGDUS $1670.00 has been donated to NOGDUS!
May 22, 2017, 02:27:37 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
 
   Home   Help Search Login Register  
Pages: [1]   Go Down
  Print  
Author Topic: the $_GET['name'] in php  (Read 6062 times)
0 Members and 1 Guest are viewing this topic.
xhunter
Guest
« on: July 06, 2009, 05:53:27 PM »

Hello,
I want to know how do I use the $_GET['something'] in php

Here is my code :
This is for the menu.php
Code:
<html><body>
<form method="post" action="process.php">
Order:</br>
<input type="checkbox" name="Order" value="Paint">Paint<br/>
<input type="checkbox" name="Order" value="Brushes">Brushes</br>
Quantity:<input type="text" name="Quantity">
<input type="submit" value="add to chart">
</body></html>
this is for the process.php
Code:
<?php
$order
=$_GET['Order'];
$number=$_GET['Quantity'];
echo 
" Your will be receiving".$number." ".$order."from nogdus.com soon,thank you";
?>

when I replace the $_POST instead of $_GET it works fine !
then how do we use the $_GET
Thank you
Logged
Richard Marks
Administrator
Offline Offline

Respect: 3425
« Reply #1 on: July 06, 2009, 05:59:43 PM »

You need to tell your form to use GET style queries.
Code:
<form method="get" action="process.php">

Also, a tip for the echo statement.

Code:
echo 'You will be receiving x', $number, ' of ', $order, ' from nogdus.com soon, thank you.';

As you see above, you can chain arguments to be output by the echo command using the comma.
And static strings should always be in single quotes. (They are faster)
Logged

xhunter
Guest
« Reply #2 on: July 06, 2009, 06:06:37 PM »

Ah !
Thanks for the help Richard
nice tip,I don't know this one Wink



cheers,
Logged
Richard Marks
Administrator
Offline Offline

Respect: 3425
« Reply #3 on: July 06, 2009, 07:52:56 PM »

No problem.

Just something to know though; You really should be using POST http queries instead of GET.

GET is insecure, and opens the door to many bad things if used improperly.

GET values should never be used directly, and should always be tested against valid values to ensure that the data is not going to cause problems.

Never use

Code:
$g = $_GET['g']; echo $g;

use

Code:
$g = ''; // start with nothing
if (IsSet($_GET['g']))
{
    if ($_GET['g'] == $valid_g)
    {
        $g = htmlentities($_GET['g']);
    }
}

echo $g;

Its much safer.
Better would be to use regular expressions for validation, but you can avoid learning that for now.
Just make a note that you NEED to learn them at some point.
Logged

tcaudilllg
Guest
« Reply #4 on: July 06, 2009, 11:56:13 PM »

What about $_REQUEST[]?
Logged
xhunter
Guest
« Reply #5 on: July 08, 2009, 05:58:45 PM »

yeah
we also don't use'em at password..^^ because it will be showing the password in the adress bar I think
Logged
Richard Marks
Administrator
Offline Offline

Respect: 3425
« Reply #6 on: July 08, 2009, 06:14:07 PM »

yeah
we also don't use'em at password..^^ because it will be showing the password in the adress bar I think

You NEVER should use GET for logins. Always use POST for anything that you don't want in the address bar.
Logged

RedSlash
Offline Offline

Respect: 10
« Reply #7 on: July 08, 2009, 07:41:51 PM »

Not only that, your entire GET string is posted to other peoples web server logs when you follow a link to someone else's page after a GET query. Thus, if you use GET as a login and then click a link to my webpage, your entire password gets posted into my logs! This is the referrer string feature and is enabled in all browsers by default.
Logged
Richard Marks
Administrator
Offline Offline

Respect: 3425
« Reply #8 on: July 08, 2009, 07:46:34 PM »

Not only that, your entire GET string is posted to other peoples web server logs when you follow a link to someone else's page after a GET query. Thus, if you use GET as a login and then click a link to my webpage, your entire password gets posted into my logs! This is the referrer string feature and is enabled in all browsers by default.

A very good point!
You always need to be very careful with any sensitive information.
Logged

DeJa Vu
Guest
« Reply #9 on: July 08, 2009, 10:22:50 PM »

Use $_POST['nameOfVar']   or ($_SESSION['nameOfVar'])Huh

my 2 cents  ^_*
Logged
Richard Marks
Administrator
Offline Offline

Respect: 3425
« Reply #10 on: July 08, 2009, 10:48:02 PM »

Use $_POST['nameOfVar']   or ($_SESSION['nameOfVar'])Huh

my 2 cents  ^_*

Yeah..SESSION has nothing to do with form queries dude.

But yes, SESSION variables are useful for building login systems.
Logged

tcaudilllg
Guest
« Reply #11 on: October 01, 2009, 01:16:08 PM »

Better to use $_POST or $_REQUEST?
Logged
Richard Marks
Administrator
Offline Offline

Respect: 3425
« Reply #12 on: October 01, 2009, 06:39:15 PM »

Better to use $_POST or $_REQUEST?

The answer is $_POST

$_REQUEST accepts POST, GET and COOKIE data, which is a security hole.
Logged

Tags: $_GET  php 
Pages: [1]   Go Up
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines
.: Theme by Richard Marks :.
Valid XHTML 1.0! Valid CSS!