...

View Full Version : Passing variables to include file



jvc
03-08-2004, 11:25 AM
As we were getting more and more complaints against the use of frames on our website, we are trying to get everything into tables using php.
I just got stuck with an interesting problem, for which, I hope, someone has a solution.
On page1, a search engine is located in the left column. Results are to be displayed in the middle column.
My code for the Search using "Freefind":
<table>
<tr><td align="center">
<FORM ACTION="index_search_results.php" METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="id" VALUE="1234567">
<INPUT TYPE="HIDDEN" NAME="pid" VALUE="r">
<INPUT TYPE="HIDDEN" NAME="mode" VALUE="ALL">
<INPUT type="HIDDEN" name="n" value="0">
<INPUT TYPE="TEXT" NAME="query" SIZE="20"></td></tr><tr><td align="center">
<INPUT TYPE="SUBMIT" VALUE="Find!">
<input type="SUBMIT" name="sitemap" value="Site Map"></td></tr>
</font></FORM></table>

The original action (http://www.freefind.com/find.htm) is replaced by index_search_results.php, which is an identical page, with an include statement in the middle column<?php include("http://search.freefind.com/find.html");
?>
Everything works fine, except for the fact that the variables from the search form on page1 are not passed on to the search. As I see from an echo, they are empty.

Does anyone have a solution to this? The variables are supposed to be passed on to index_search_results.php (is a standard technique).

mordred
03-08-2004, 11:50 AM
You mean that $_POST is empty after you submitted the form above? Does a var_dump($_POST) confirm that there really aren't any form variables passed? Finally, what PHP version do you run and have you disabled register_globals?

jvc
03-08-2004, 12:03 PM
Hi,

Have been playing some more, and $_POST does contain all the variables, whereas when I print the variables individually they are empty.
Knowing that the variables are there reduces the problem to finding out why they are not accessable by the include file, which is thrown in the same environment.

Thanks for the help from the "Banana Republic"

mordred
03-08-2004, 12:43 PM
When you say you print the variables individually, where do you do this? In index_search_results.php or in http://search.freefind.com/find.html? I'm assuming you're doing this in the former one, since freefind looks like a service you're using. And printing individually means doing



print $_POST['query'];


for example, I ask this because you didn't answer whether you have register_globals enabled or not, and it helps tracking down where the problem is.

There is a general problem in your code though:



include("http://search.freefind.com/find.html");


What happens here is that the contents of find.html are fetched over the web and included in your page. POST variables are not sent along by this method. You can't resend POST data with include() or require().

Be aware that if you are not in control of search.freefind.com/find.html, what you have there is a severe security hole. freefind.com could send you any code they want, also PHP code, which would be interpreted on your server. Don't use that.

jvc
03-08-2004, 03:56 PM
You are indeed correct regarding the hole in security it creates.

Regarding register_globals, I need to check with the server guy to see how it is set, but I am pretty sure it is set to "off".

I was not aware that parameters can not be passed into an include.
Is there any other way of doing it?

Appreciate the help.

Jean



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum