PDA

View Full Version : Need to know how to fix this


cheat-master30
06-13-2008, 10:33 PM
I'm trying to change over a form and posted information from register globals variables to using superglobals, and have removed the errors, but the data isn't actually now being posted. I currently have this as the form

<form action="CodeOutput.php" method="POST">
<select name="CodeT">
[options here]
</select>
<select name="Code">
[options here]
</select>
<input type="text" name="Value" />
<input type="text" name="Code1" />
<input type="text" name="Code2">
<input type="submit">
</form>

And this as the PHP script it's sent to:

<?php
print '$_POST["CodeT"]$_POST["Code"]&nbsp';
print '000000$_POST["Value"]<br />';
print '$_POST["Code1"]<br />';
print '$_POST["Code2"]<br />';
print 'D2000000 00000000';
?>

(Don't ask why the format, the purpose of the form and the codes generated need to be in the format of eight characters then a space, then eight characters then a line of the like and ending in the D2 thing...)

It worked fine with register globals on and the values as variables sent from the form, but as soon as I tried to use the superglobals for PHP5 and PHP6 compatibility, it stopped actually sending the data. Any ideas why or how to fix this?

MoT3rror
06-13-2008, 11:03 PM
Well for starters you can't have variables in single quotes.

So I would suggest using code like this.

print $_POST['CodeT'] . $_POST['Code'] . '&nbsp';
print '000000' . $_POST['Value'] . '<br />';
print $_POST['Code1'] . '<br />';
print $_POST['Code2'] . '<br />';
print 'D2000000 00000000';


Also I would suggest to valuadate this date before you output.
Here is a article to use as reference. (https://vborg.vbsupport.ru/showthread.php?t=154411&highlight=security)

cheat-master30
06-13-2008, 11:07 PM
If you're wondering why there wasn't any security, it's because as a script while it was/is going to be used on my site, it won't actually submit to a database, but it's just ran whenever someone submits a form, with nothing saved to the server via a post request.

But I'll try what you said, and thanks.

Edit: Worked a treat, thanks.