Change $_REQUEST to $_POST problem

countrydj · 02-04-2013, 12:22 PM

On advice, I am changing all my $_REQUEST to $_POST.

My form is:

Code:

<form action="register-exec.php" target="new" method="POST">

My register-exec.php (receiving script) is:

Code:

<?php
	//Start session
	session_start();
	
	//Include database connection details
	require_once('config.php');

$from = $_REQUEST['email'];

$action = $_REQUEST['action'];

When I change it to:

Code:

<?php
	//Start session
	session_start();
	
	//Include database connection details
	require_once('config.php');

$from = $_POST['email'];

$action = $_POST['action'];

nothing gets through. I just get a blank screen.

If I set a trap:

Code:

echo $email; exit;

I get a blank screen.

Code:

echo "Hello World"; exit;

I get Hello World echoed.

Can anybody think of what I am doing wrong ???

I have checked other scripts that I have changed and can't find any difference.

Thanks

Fou-Lu · 02-04-2013, 03:44 PM

$email isn't declared as anything, so that provides no surprise that it produces no output.
Enable your error reporting:

PHP Code:


			
ini_set('display_errors', 1);
error_reporting(E_ALL);

You can check the $_POST using var_dump($_POST); to see what's in it. If its empty, it's not receiving post, which indicates that it is receiving a $_GET instead. Did you modify the form action there as well, or was that always post?

Also, this hasn't a thing to do with Mysql. Moving to PHP forum.

countrydj · 02-04-2013, 08:38 PM

Hi Fou-Lu..

Many thanks, once again.
Firstly, let me apologise for posting in the wrong forum. I do get confused when the php objective is to populate the mysql database.

Secondly, sorry I misled you with $email. That was actually declared lower down the list (I only showed part of the list to save space.

However, I have obviously confused myself because this is not the problem.

The script is a double opt-in email catcher.
i.e. the subscriber fills in the form and the script sends out an email to the subscriber to verify the correct email address. The subscriber then clicks on a link in the email which then adds the data to the database.

The problem is NOT sending out the email, it is AFTER the subscriber clicks on the link. This is the link that is sent out to the subscriber:

PHP Code:


			
//////// SEND SUBSCRIBE VALIDATION EMAIL



    $mail_body = "Please DO NOT reply to this email. It is an unattended mailbox.\n\nTo validate your email address, please click the following link:\n\nhttp://countrymusic.org.uk/calendar/register-exec.php?email=$from&emailcount=$emailcount&act=$active&action=subscribe&fname=$fname&surname=$surname&country=$country&year=$year&m=$hashed";



    mail($from, "Validation Email", $mail_body, "From: noreply@countrymusic.org.uk\n");

This is the email that the subscriber receives:

Quote:

Please DO NOT reply to this email. It is an unattended mailbox.

To validate your email address, please click the following link:

countrymusic.org.uk/calendar/register-exec.php?email=jc1@in-uk.co.uk&emailcount=1&act=1&action=subscribe&fname=John&surname=Craven&country=UK&year=2013&m=7d2263 650cde3c8a1f5744414de3a748

NB. I have removed the http\\ from the front of the link. I insisted on making it a link with it there.

I notice in here that there is no indication of method=POST.

This script worked perfectly well using $_REQUEST

Now that I have sorted my brain, can you help ???

Thanks

TFlan · 02-04-2013, 09:08 PM

Quote:

I notice in here that there is no indication of method=POST.

This script worked perfectly well using $_REQUEST

You have solved your own problem...

The $_REQUEST array includes $_GET, $_POST, and $_COOKIE

You are utilizing $_POST for the form submission and $_GET for the link.

To get the information held in the URL query string, you need to use $_GET, not $_POST

IE:

PHP Code:


			
// Link: http://countrymusic.org.uk/calendar/register-exec.php?email=jc1@in-uk.co.uk&emailcount=1&act=1&action=subscribe&fname=John&surname=Craven&country=UK&year=2013&m=7d2263 650cde3c8a1f5744414de3a748
$email = $_GET['email']; // jc1@in-uk.co.uk

countrydj · 02-04-2013, 10:03 PM

Hi TFlan ...
Thank you so much for your help.

That worked fine.

I must admit, I don't really know when to use POST and when to use GET.
Is there a rule of thumb ???

How do you know that I am using GET for the string.
Is this always the case ???

Thanks again...

felgall · 02-05-2013, 01:24 AM

Quote:

Originally Posted by countrydj

I must admit, I don't really know when to use POST and when to use GET.
Is there a rule of thumb ???.

When the data is passed in a querystring (that is after a ? as part of a web address) then you read it using $_GET.

If the data is being passed from a form that has method="POST" then you read it using $_POST.

Note that in both cases you should validate the content received looks reasonable before moving it to another field for subsequent processing by your code - preferably validation but at least sanitize the data before moving it. That way you keep the tainted fields separated from the untainted ones.

countrydj · 02-05-2013, 10:10 AM

Hi felgall ...

Thanks very much for your explanation. This makes it a lot clearer.

I changed all my POSTs and GETs some years ago when I read that REQUEST was the best.
Recently I have read that REQUEST shouldn't be used so I am changing it all back. Slowly.

Thanks again.

felgall · 02-05-2013, 06:38 PM

Quote:

Originally Posted by countrydj

Recently I have read that REQUEST shouldn't be used so I am changing it all back.

One reason $_REQUEST shouldn't be used is that using it means that you have no control over whether the information is passed in $_POST, $_GET or $_COOKIE as it consolidates all three. In most cases you only want the info to come from one of those three places and so not looking for it in the other two places makes your code more secure.

I have never seen anywhere recommending using REQUEST - even 10 years ago all the references I saw were recommending against using it.

countrydj · 02-05-2013, 06:46 PM

Hi felgall ...

Thanks for your explanation.

Quote:

I have never seen anywhere recommending using REQUEST - even 10 years ago all the references I saw were recommending against using it.

Maybe I am wrong (it has been known) - QUITE OFTEN ACTUALLY !!!

I just seem to remember seeing it somewhere ????????

Can you tell me when to use POST and when to use GET PLEASE ???

Thank you very much.

Fou-Lu · 02-05-2013, 07:09 PM

$_POST when your request is post, $_GET when you're request is get.
In HTML world, $_POST when your form has an action="post", $_GET when its passed through a querystring.

$_REQUEST is another one of those "brainchild" things that zend did, like register_globals and magic_quotes. Newer versions of PHP can control these variables (at perdir level) in PHP 5.3+. The ultimate fallback is still to variables_order which is by default EGPCS, or ENV, GET, POST, COOKIE, and finally SERVER. This is clearly a big problem as now you cannot tell which method provided what AND it's overridden in the order from left to right.
At the very minimum $_REQUEST should be manually overwritten as a merge of $_POST and $_GET, where $_POST overrides $_GET. My suggestion is to never use it.

countrydj · 02-05-2013, 11:31 PM

Many thanks Fou-Lu for your explanation.

Hopefully I will 'get there' eventually.

THANK YOU