Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    jvc
    jvc is offline
    New to the CF scene
    Join Date
    Mar 2004
    Location
    Oregon
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Passing variables to include file

    As we were getting more and more complaints against the use of frames on our website, we are trying to get everything into tables using php.
    I just got stuck with an interesting problem, for which, I hope, someone has a solution.
    On page1, a search engine is located in the left column. Results are to be displayed in the middle column.
    My code for the Search using "Freefind":
    <table>
    <tr><td align="center">
    <FORM ACTION="index_search_results.php" METHOD="POST">
    <INPUT TYPE="HIDDEN" NAME="id" VALUE="1234567">
    <INPUT TYPE="HIDDEN" NAME="pid" VALUE="r">
    <INPUT TYPE="HIDDEN" NAME="mode" VALUE="ALL">
    <INPUT type="HIDDEN" name="n" value="0">
    <INPUT TYPE="TEXT" NAME="query" SIZE="20"></td></tr><tr><td align="center">
    <INPUT TYPE="SUBMIT" VALUE="Find!">
    <input type="SUBMIT" name="sitemap" value="Site Map"></td></tr>
    </font></FORM></table>

    The original action (http://www.freefind.com/find.htm) is replaced by index_search_results.php, which is an identical page, with an include statement in the middle column<?php include("http://search.freefind.com/find.html");
    ?>
    Everything works fine, except for the fact that the variables from the search form on page1 are not passed on to the search. As I see from an echo, they are empty.

    Does anyone have a solution to this? The variables are supposed to be passed on to index_search_results.php (is a standard technique).

  • #2
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You mean that $_POST is empty after you submitted the form above? Does a var_dump($_POST) confirm that there really aren't any form variables passed? Finally, what PHP version do you run and have you disabled register_globals?
    De gustibus non est disputandum.

  • #3
    jvc
    jvc is offline
    New to the CF scene
    Join Date
    Mar 2004
    Location
    Oregon
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi,

    Have been playing some more, and $_POST does contain all the variables, whereas when I print the variables individually they are empty.
    Knowing that the variables are there reduces the problem to finding out why they are not accessable by the include file, which is thrown in the same environment.

    Thanks for the help from the "Banana Republic"

  • #4
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    Thanks
    0
    Thanked 0 Times in 0 Posts
    When you say you print the variables individually, where do you do this? In index_search_results.php or in http://search.freefind.com/find.html? I'm assuming you're doing this in the former one, since freefind looks like a service you're using. And printing individually means doing

    PHP Code:
    print $_POST['query']; 
    for example, I ask this because you didn't answer whether you have register_globals enabled or not, and it helps tracking down where the problem is.

    There is a general problem in your code though:

    PHP Code:
    include("http://search.freefind.com/find.html"); 
    What happens here is that the contents of find.html are fetched over the web and included in your page. POST variables are not sent along by this method. You can't resend POST data with include() or require().

    Be aware that if you are not in control of search.freefind.com/find.html, what you have there is a severe security hole. freefind.com could send you any code they want, also PHP code, which would be interpreted on your server. Don't use that.
    De gustibus non est disputandum.

  • #5
    jvc
    jvc is offline
    New to the CF scene
    Join Date
    Mar 2004
    Location
    Oregon
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You are indeed correct regarding the hole in security it creates.

    Regarding register_globals, I need to check with the server guy to see how it is set, but I am pretty sure it is set to "off".

    I was not aware that parameters can not be passed into an include.
    Is there any other way of doing it?

    Appreciate the help.

    Jean


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •