Gossamer Forum

get_form_data function.

Hi,

Why are you using a function to grab the form data? With PHP, if you access a page such as page.php?name=mike

In the code you can access that as $name without needing the function. Are you doing it so you can see what data you have to work with? If so, wouldn't it be better to just assume that you have everything you need, and in a function where you need it, check to make sure those values aren't Null?

I understand in PERL you need to have a function like this, or use CGI.pm - but I don't see the point of having it for this...
Cheers,
Michael Bray
Re: [Michael_Bray] get_form_data function.
I hate having register_globals turned on. ;) But if that's not a good enough reason:
1) It clutters up the global namespace.
2) I personally like having everything that the user has passed in in an array, erm i mean a hash, erm i mean an associative array :P.
3) It's slightly faster as PHP won't have to go and make all those variables globals.
4) Something else it does is strip the slashes if the server has magic_quotes_gpc turned on. magic_quotes_gpc automatically runs addslashes on any GET/POST/COOKIE data, but the thing is you can't turn it on and off during runtime reliably (well it didn't seem to work for me).

Adrian
Re: [brewt] get_form_data function.
set_magic_quotes_runtime(0);

http://www.php.net/manual/en/function.set-magic-quotes-runtime.php

That should set it reliably shouldn't it? The other reasons look alright - I might do some benchmarks to check if it is faster, I would have thought it was slower...

Anyways,

I'll be back with benchmarks when I can be bothered doing them :)
Cheers,
Michael Bray
Re: [Michael_Bray] get_form_data function.
My thinking was that adding that function to Links.inc.php would remove the need to strip slashes on each val? Just looking over how it works now. Still getting used to it.
Cheers,
Michael Bray
Re: [Michael_Bray] get_form_data function.
Quote:
If magic_quotes_runtime is enabled, most functions that return data from any sort of external source including databases and text files will have quotes escaped with a backslash. If magic_quotes_sybase is also on, a single-quote is escaped with a single-quote instead of a backslash.
Actually, I haven't really tested magic_quotes_runtime, but I know you can't rely on magic_quotes_gpc being turned on or off (this is the option which does the addslashes on GET/POST/etc).

I kind of doubt it would make a significant difference between register_globals being on or off, but if you look at PHP's optimized ini file, you'll see they recommend it being off.


Adrian
Re: [Michael_Bray] get_form_data function.
Well, the problem is everyone has different PHP configurations, and some options you just can't change at runtime (track_vars being one). Technically, you would be able to put an entry in .htaccess to turn off magic_quotes_gpc for that directory, but I don't think that's a very good solution, as the httpd config might not allow it. So that leaves having to stripslashes yourself if magic_quotes_gpc is enabled. Just one of the annoyances of PHP I suppose.


Adrian
Re: [Michael_Bray] get_form_data function.
From a programming point of view, having user created globals just makes me shudder. It's such a step backwards, like the first perl scripts where no one used strict, and everything was a global, and subroutines modified each other's globals, etc, etc. Ugh!

Having all the input vars in one place makes much more sense and is much easier to program with.

I think Adrian made it so that the variables are available directly on the template, you don't need to get them from the hash.

Cheers,

Alex
--
Gossamer Threads Inc.
Re: [brewt] get_form_data function.
Does turning off the register globals work for you? You shouldn't be able to change that value from a script.

http://www.php.net/manual/en/function.ini-set.php

PHP_INI_PERDIR - Entry can be set in .htaccess
PHP_INI_SYSTEM - Entry can be set in php.ini or httpd.conf

The script should not be allowed to change that value...
Cheers,
Michael Bray
Re: [Michael_Bray] get_form_data function.
Actually, you can't change it from the script ;)


Adrian
Re: [brewt] get_form_data function.
I almost reinstalled bloody PHP on my computer trying to get it to work before I looked it up. You are probably better off just getting rid of that line from the code (it won't do anything anyway :P), using the get_form_data and then either distributing a .htaccess file with Links SQL or recommending people to change their php.ini

I turned off register_globals in my php.ini file now. I am starting to like the way it works ;)
Cheers,
Michael Bray
Re: [Michael_Bray] get_form_data function.
Hi,

Sorry, are you saying it doesn't work if you have register_globals on in php.ini?

Cheers,

Alex
--
Gossamer Threads Inc.
Re: [Alex] get_form_data function.
No,

I'm saying that the function

ini_set('register_globals', 0);

on line 68 of Links.inc.php

does not work, as the script itself does not have privileges to change that setting. The script still works if Register_Globals is still on.

Basically what I meant is that if you want to turn Register_Globals off you are going to have to take a new approach.


Cheers,
Michael Bray
Re: [Michael_Bray] get_form_data function.
Ah, does it fatal though? Can you still run page.php with that there? (Yes, it will get changed of course, just wondering if the php beta is going to be broken on most people who try it out).

Cheers,

Alex
--
Gossamer Threads Inc.
Re: [Alex] get_form_data function.
It still works mate :)
Cheers,
Michael Bray
Re: [Alex] get_form_data function.
It works fine with register_globals turned on or off. Just that line doesn't really do anything :) It doesn't really make a difference if it's on or off (I have it turned on at work, and turned off at home, and both work w/o any problems).

Adrian
Re: [brewt] get_form_data function.
2) I personally like having everything that the user has passed in in an array, erm i mean a hash, erm i mean an associative array :P.


A question for you - if there's a file uploaded by a user via a form, how do you access the file properties etc through the $IN variable the way you've got it set up if you've got $GLOBALS off?

Cheers,
Regan.
Re: [ryel01] get_form_data function.
Quote:
In PHP 4, the behaviour is slightly different, in that the new global array $HTTP_POST_FILES is provided to contain the uploaded file information. This is still only available if track_vars is turned on, but track_vars is always turned on in versions of PHP after PHP 4.0.2.
It wouldn't actually be available in $IN... (well at the code's current state).

Then there's:
Quote:
In PHP, the following variables will be defined within the destination script upon a successful upload, assuming that register_globals is turned on in php.ini. If track_vars is turned on, they will also be available in PHP within the global array $HTTP_POST_VARS. Note that the following variable names assume the use of the file upload name 'userfile', as used in the example above:
If it *did* work like this (haven't played with file uploads yet), then it would be $IN['userfile'], $IN['userfile_name'], ...


Adrian
Re: [brewt] get_form_data function.
In Reply To:
Quote:
Note that the following variable names assume the use of the file upload name 'userfile', as used in the example above:
If it *did* work like this (haven't played with file uploads yet), then it would be $IN['userfile'], $IN['userfile_name'], ...


I just tried this in the get_form_data() routine above the magic quotes call and it seems to work fine..


// Copy each upload's properties into $data as "<field>_<property>", e.g. userfile_name
foreach ($HTTP_POST_FILES as $file => $filearray) {
    foreach ($filearray as $filekey => $fileval) {
        $data["$file" . "_$filekey"] = $fileval;
    }
}

and added $HTTP_POST_FILES to the globals so it would work.


I guess there might be compatibility issues with earlier versions of php that don't use $HTTP_POST_FILES?

R.

Last edited by:

ryel01: Nov 13, 2001, 3:35 PM
Re: [ryel01] get_form_data function.
In Reply To:
I guess there might be compatibility issues with earlier versions of php that don't use $HTTP_POST_FILES?
I'm assuming this is just a general PHP question since the PHP frontend requires PHP version 4.01pl2 or higher (which all would support $HTTP_POST_FILES, since 4.0+ supports it); so, yes, from looking at the PHP manual, you would need PHP 4.0+ to use $HTTP_POST_FILES (and of course the track_vars option to be turned on).



Adrian
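
The approach discussed in this thread (all request input in one associative array, slashes stripped when magic_quotes_gpc has added them, upload info flattened to userfile_name-style keys), as an added example that is not part of the original posts and is not the Links SQL code. The names collect_form_data and strip_slashes_deep and the sample values are hypothetical; the input arrays and the magic-quotes state are passed in as parameters so the snippet does not depend on a particular PHP version or configuration.

```php
<?php
// Added example: hypothetical helpers, not get_form_data() from Links.inc.php.

// Undo addslashes() on a value or on a nested array (e.g. tags[]=a&tags[]=b).
function strip_slashes_deep($value)
{
    return is_array($value)
        ? array_map('strip_slashes_deep', $value)
        : stripslashes($value);
}

// Build one array of request input instead of relying on register_globals.
// $magic_quotes: true when the server already ran addslashes() on GET/POST
// data (magic_quotes_gpc on), so each value is unescaped exactly once.
function collect_form_data(array $get, array $post, array $files, $magic_quotes)
{
    $data = array_merge($get, $post);   // POST wins on a name clash
    if ($magic_quotes) {
        $data = strip_slashes_deep($data);
    }
    // Flatten upload info to "<field>_<property>" keys, as in the loop posted
    // in the thread. Done last, so server-provided upload metadata replaces
    // any GET/POST field that uses the same key.
    foreach ($files as $field => $info) {
        foreach ($info as $key => $val) {
            $data[$field . '_' . $key] = $val;
        }
    }
    return $data;
}

// Constructed sample request, as it would arrive with magic_quotes_gpc on.
$get   = array('name' => 'O\\\'Brien', 'tags' => array('a\\"b', 'c'));
$post  = array('comment' => 'it\\\'s fine', 'userfile_size' => '999999');
$files = array('userfile' => array('name' => 'a.txt', 'size' => 12));

$IN = collect_form_data($get, $post, $files, true);
print_r($IN);
```

Because ordinary form fields and upload metadata share one array here, a field such as userfile_tmp_name is only trustworthy when an upload actually supplied it; code that opens that path should confirm it with is_uploaded_file() first.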