CodingForums.com

CodingForums.com (http://www.codingforums.com/index.php)
-   PHP (http://www.codingforums.com/forumdisplay.php?f=6)
-   -   Change $_REQUEST to $_POST problem (http://www.codingforums.com/showthread.php?t=287022)

countrydj 02-04-2013 12:22 PM
Change $_REQUEST to $_POST problem
 
On advice, I am changing all my $_REQUEST to $_POST.

My form is:
Code:
<form action="register-exec.php" target="new" method="POST">
My register-exec.php (receiving script) is:
Code:
<?php
        //Start session
        session_start();
       
        //Include database connection details
        require_once('config.php');

$from = $_REQUEST['email'];

$action = $_REQUEST['action'];
When I change it to:
Code:
<?php
        //Start session
        session_start();
       
        //Include database connection details
        require_once('config.php');

$from = $_POST['email'];

$action = $_POST['action'];
nothing gets through. I just get a blank screen.

If I set a trap:
Code:
echo $email; exit;
I get a blank screen.
Code:
echo "Hello World"; exit;
I get Hello World echoed.

Can anybody think of what I am doing wrong ???

I have checked other scripts that I have changed and can't find any difference.

Thanks

Fou-Lu 02-04-2013 03:44 PM
$email isn't declared as anything, so that provides no surprise that it produces no output.
Enable your error reporting:
PHP Code:
ini_set('display_errors'1);
error_reporting(E_ALL); 
You can check the $_POST using var_dump($_POST); to see what's in it. If its empty, it's not receiving post, which indicates that it is receiving a $_GET instead. Did you modify the form action there as well, or was that always post?

Also, this hasn't a thing to do with Mysql. Moving to PHP forum.

countrydj 02-04-2013 08:38 PM
Hi Fou-Lu..

Many thanks, once again.
Firstly, let me apologise for posting in the wrong forum. I do get confused when the php objective is to populate the mysql database.

Secondly, sorry I misled you with $email. That was actually declared lower down the list (I only showed part of the list to save space.

However, I have obviously confused myself because this is not the problem.

The script is a double opt-in email catcher.
i.e. the subscriber fills in the form and the script sends out an email to the subscriber to verify the correct email address. The subscriber then clicks on a link in the email which then adds the data to the database.

The problem is NOT sending out the email, it is AFTER the subscriber clicks on the link. This is the link that is sent out to the subscriber:
PHP Code:
//////// SEND SUBSCRIBE VALIDATION EMAIL

    $mail_body "Please DO NOT reply to this email. It is an unattended mailbox.\n\nTo validate your email address, please click the following link:\n\nhttp://countrymusic.org.uk/calendar/register-exec.php?email=$from&emailcount=$emailcount&act=$active&action=subscribe&fname=$fname&surname=$surname&country=$country&year=$year&m=$hashed";

    mail($from"Validation Email"$mail_body"From: noreply@countrymusic.org.uk\n"); 
This is the email that the subscriber receives:
Quote:
Please DO NOT reply to this email. It is an unattended mailbox.

To validate your email address, please click the following link:

countrymusic.org.uk/calendar/register-exec.php?email=jc1@in-uk.co.uk&emailcount=1&act=1&action=subscribe&fname=John&surname=Craven&country=UK&year=2013&m=7d2263 650cde3c8a1f5744414de3a748
NB. I have removed the http\\ from the front of the link. I insisted on making it a link with it there.

I notice in here that there is no indication of method=POST.

This script worked perfectly well using $_REQUEST

Now that I have sorted my brain, can you help ???

Thanks

TFlan 02-04-2013 09:08 PM
Quote:
I notice in here that there is no indication of method=POST.

This script worked perfectly well using $_REQUEST
You have solved your own problem...

The $_REQUEST array includes $_GET, $_POST, and $_COOKIE

You are utilizing $_POST for the form submission and $_GET for the link.

To get the information held in the URL query string, you need to use $_GET, not $_POST

IE:
PHP Code:
// Link: http://countrymusic.org.uk/calendar/register-exec.php?email=jc1@in-uk.co.uk&emailcount=1&act=1&action=subscribe&fname=John&surname=Craven&country=UK&year=2013&m=7d2263 650cde3c8a1f5744414de3a748
$email $_GET['email']; // jc1@in-uk.co.uk 

countrydj 02-04-2013 10:03 PM
Hi TFlan ...
Thank you so much for your help.

That worked fine.

I must admit, I don't really know when to use POST and when to use GET.
Is there a rule of thumb ???

How do you know that I am using GET for the string.
Is this always the case ???

Thanks again...

felgall 02-05-2013 01:24 AM
Quote:
Originally Posted by countrydj (Post 1310918)
I must admit, I don't really know when to use POST and when to use GET.
Is there a rule of thumb ???.
When the data is passed in a querystring (that is after a ? as part of a web address) then you read it using $_GET.

If the data is being passed from a form that has method="POST" then you read it using $_POST.

Note that in both cases you should validate the content received looks reasonable before moving it to another field for subsequent processing by your code - preferably validation but at least sanitize the data before moving it. That way you keep the tainted fields separated from the untainted ones.

countrydj 02-05-2013 10:10 AM
Hi felgall ...

Thanks very much for your explanation. This makes it a lot clearer.

I changed all my POSTs and GETs some years ago when I read that REQUEST was the best.
Recently I have read that REQUEST shouldn't be used so I am changing it all back. Slowly.

Thanks again.

felgall 02-05-2013 06:38 PM
Quote:
Originally Posted by countrydj (Post 1311027)
Recently I have read that REQUEST shouldn't be used so I am changing it all back.
One reason $_REQUEST shouldn't be used is that using it means that you have no control over whether the information is passed in $_POST, $_GET or $_COOKIE as it consolidates all three. In most cases you only want the info to come from one of those three places and so not looking for it in the other two places makes your code more secure.

I have never seen anywhere recommending using REQUEST - even 10 years ago all the references I saw were recommending against using it.

countrydj 02-05-2013 06:46 PM
Hi felgall ...

Thanks for your explanation.
Quote:
I have never seen anywhere recommending using REQUEST - even 10 years ago all the references I saw were recommending against using it.
Maybe I am wrong (it has been known) - QUITE OFTEN ACTUALLY !!!

I just seem to remember seeing it somewhere ????????

Can you tell me when to use POST and when to use GET PLEASE ???

Thank you very much.

Fou-Lu 02-05-2013 07:09 PM
$_POST when your request is post, $_GET when you're request is get.
In HTML world, $_POST when your form has an action="post", $_GET when its passed through a querystring.

$_REQUEST is another one of those "brainchild" things that zend did, like register_globals and magic_quotes. Newer versions of PHP can control these variables (at perdir level) in PHP 5.3+. The ultimate fallback is still to variables_order which is by default EGPCS, or ENV, GET, POST, COOKIE, and finally SERVER. This is clearly a big problem as now you cannot tell which method provided what AND it's overridden in the order from left to right.
At the very minimum $_REQUEST should be manually overwritten as a merge of $_POST and $_GET, where $_POST overrides $_GET. My suggestion is to never use it.

countrydj 02-05-2013 11:31 PM
Many thanks Fou-Lu for your explanation.

Hopefully I will 'get there' eventually.

THANK YOU


All times are GMT +1. The time now is 11:09 PM.

Powered by vBulletin®
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.