Really simple PHP question


nullArray

Greetings, my boss is having me learn PHP in my downtime. It's pretty interesting. I get to go home early (and get paid) if I can complete his tasks.

I managed to complete task one, but he'd really like for me to clean up my error messages before I go home.

<?php

$name = $_POST['name'];
$age = $_POST['age'];
if (!isset($_POST['submit'])) { 
?>

<html>
<head>
<title>PHP Test</title>
</head>
<body>

Please enter the following information:
<br> <br>

<form method="post">
Name:    <input type="text" size="25" maxlength="25" name="name"><br />
Age:    <input type="text" size="3" maxlength="3" name="age"><br /><br />
<input type="submit" value="submit" name="submit">
</form>

<?
} 
    else 
    {
        echo "Hello, ".$name.".<br />";
        echo "You are ".$age." years old, and you love PHP.";
    }
?>

I get the following error message:

[Wed Mar 25 15:57:55 2009] [error] [client (hidden for privacy)] PHP Notice: Undefined index: name in (hidden for privacy)/index.php on line 3

[Wed Mar 25 15:57:55 2009] [error] [client (hidden for privacy)] PHP Notice: Undefined index: age in (hidden for privacy)/index.php on line 4

Any idea what that means?

Using error_reporting(0); works, but my guess is that only masks the problem.

Link to comment
Share on other sites

You never check to see if name or age was posted. If statement wrapper please!

Hint?

I wrote what I've got from 10 minutes of skimming a PHP tutorial.

Link to comment
Share on other sites

Yep, that did it. Thanks.

Link to comment
Share on other sites

Funny. I run what you have there in your first post and got no error messages from it. I don't have error messages suppressed either, as I get plenty of them on other things I work through. Are you posting this data to another step, process or page that does something with the data and could be getting the error? Because this works on my server. Just change POST to GET and you will see it processes it correctly. It will show up in the URL with a GET just so you can see what it looks like, but usually, you don't want to pass data to the server with GET because anyone on that machine can see it in the browser's URL history. Also, sanitize the input, so no one can put anything other than what's needed into the boxes. Like for age, only numbers should be valid, name should not be allowed to use any funky characters or unicode stuff that could work against the server and compromise it. For example, if someone were to use some javascript in there or even pass PHP commands to a process.

?name=bob&age=999&submit=submit

If you put the following in the name box, it executes the javascript.

<script>alert()</script>

Granted your name box text length was short, I had just enough room to put that in. If it allowed more space, you could enter a nastier script. It executes on IE and Opera, not sure about FF.

Link to comment
Share on other sites

I still only marginally understand the difference between POST, GET and REQUEST, but it works and pleased my boss. I totally managed to finish the project way early. "For tomorrow" I had to put this data into a MySQL table/database that apparently was associated with my university unix account.

I got that working too! I'm quite pleased with what I was able to accomplish in under three hours without any prior experience. So since I finished this early, I'm super excited to "impress" my boss tomorrow.

In my PHP code, when I connect to SQL it's like "localhost","username","password." This stuff is hidden from users, right? They can't view my source and reverse engineer it? How can I fix the <script> thing? That looks serious (and put null entries in my SQL database :( )

Link to comment
Share on other sites

Something like

$name= preg_replace("/[^a-zA-Z]/", "", $name);

You create a function to grab the string, and only allow alphanumeric items in the input fields.

Examples: http://www.phpbuilder.com/columns/sanitize_inc_php.txt

http://us3.php.net/preg-match

http://us3.php.net/manual/en/function.preg-replace.php

Link to comment
Share on other sites

So I create a separate function, and pass my variable into it or can I just drop that code on a line I already have?

This is all very interesting.

Link to comment
Share on other sites

This is where a good framework makes everything so much easier. CakePHP has a really nice way of setting up validation rules for you and all the regexs are done.

Link to comment
Share on other sites

Yeah, I have no idea what that means...,

I've only been using PHP for two hours.

Link to comment
Share on other sites

Okay, I've implemented a lot of things..., including:

$name= preg_replace("/[^a-zA-Z]/", "", $name);

Now if someone enters, say, "Steve Jobs" into my new name field, it instead turns $name into SteveJobs. I'd like to keep spaces intact for $name. Suggestions?

Link to comment
Share on other sites

You need to alter your regex so that it allows spaces, something like:

/[^a-zA-Z\s]/

Probably.

I believe that is correct also. \s (Small "s")

The following should be escaped if you are trying to match that character

\ ^ . $ | ( ) [ ]

* + ? { } ,

Special Character Definitions

\ Quote the next metacharacter

^ Match the beginning of the line

. Match any character (except newline)

$ Match the end of the line (or before newline at the end)

| Alternation

() Grouping

[] Character class

* Match 0 or more times

+ Match 1 or more times

? Match 1 or 0 times

{n} Match exactly n times

{n,} Match at least n times

{n,m} Match at least n but not more than m times

More Special Character Stuff

\t tab (HT, TAB)

\n newline (LF, NL)

\r return (CR)

\f form feed (FF)

\a alarm (bell) (BEL)

\e escape (think troff) (ESC)

\033 octal char (think of a PDP-11)

\x1B hex char

\c[ control char

\l lowercase next char (think vi)

\u uppercase next char (think vi)

\L lowercase till \E (think vi)

\U uppercase till \E (think vi)

\E end case modification (think vi)

\Q quote (disable) pattern metacharacters till \E

Even More Special Characters

\w Match a "word" character (alphanumeric plus "_")

\W Match a non-word character

\s Match a whitespace character

\S Match a non-whitespace character

\d Match a digit character

\D Match a non-digit character

\b Match a word boundary

\B Match a non-(word boundary)

\A Match only at beginning of string

\Z Match only at end of string, or before newline at the end

\z Match only at end of string

\G Match only where previous m//g left off (works only with /g)

Link to comment
Share on other sites
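
The fixes discussed in this thread (checking that the fields were actually posted, allow-listing the name while keeping spaces, a digits-only age, and escaping on output so the <script> input is displayed rather than executed), combined as an added example that is not code from any poster. The helper names validate_form() and render_greeting() are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example (PHP 7.1+). validate_form() and render_greeting() are
// hypothetical helper names, not code from the thread.

function validate_form(array $post): array
{
    // Read each field defensively: a missing key or a non-string value
    // (e.g. name[]=x) becomes '' instead of raising "Undefined index".
    $name = (isset($post['name']) && is_string($post['name'])) ? trim($post['name']) : '';
    $age  = (isset($post['age'])  && is_string($post['age']))  ? trim($post['age'])  : '';
    $errors = [];

    // Allow-list: letters with single spaces between words, at most 25 chars
    // (the form's maxlength). Rejecting, rather than stripping characters,
    // keeps "Steve Jobs" intact and refuses "<script>..." outright.
    if (!preg_match('/\A[a-zA-Z]+(?: [a-zA-Z]+)*\z/', $name) || strlen($name) > 25) {
        $errors[] = 'Name may contain only letters and spaces (max 25).';
    }

    // Age: 1 to 3 digits. \A and \z anchor the whole string, so a trailing
    // newline cannot slip through the way it can with ^ and $.
    if (!preg_match('/\A\d{1,3}\z/', $age)) {
        $errors[] = 'Age must be a whole number.';
    }

    return [['name' => $name, 'age' => $age], $errors];
}

function render_greeting(array $clean): string
{
    // Escape at output time as well: validation rules change over time,
    // and encoding is what stops markup from being interpreted.
    $name = htmlspecialchars($clean['name'], ENT_QUOTES, 'UTF-8');
    $age  = (int) $clean['age'];
    return "Hello, {$name}.<br />You are {$age} years old, and you love PHP.";
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['name' => 'Steve Jobs', 'age' => '54', 'submit' => 'submit'],
    ['name' => '<script>alert()</script>', 'age' => '999', 'submit' => 'submit'],
    ['submit' => 'submit'], // name and age missing entirely
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_form($post);
    echo $errors ? implode(' ', $errors) : render_greeting($clean), "\n";
}
```

In a real page the array passed to validate_form() would be $_POST, and the same validated values would go to the database through a parameterised query rather than string concatenation.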

Thanks for all the help.

What do most people use to write PHP? I'm using a new program available for the Mac called Espresso. It seems pretty rad.

Link to comment
Share on other sites

Notepad++, just because I can debug line errors and it does color highlighting for code. Other than that, just plain notepad.

Link to comment
Share on other sites

Erm... why are you using PHP 3?

I say this because the errors you're receiving are PHP3 style and I'm assuming you don't have a custom error handler.

As for the errors, it's there because you don't check for the $name and the other variables' existence. It's also bad practice to use $name instead of $_POST['name'] as in PHP5, register globals are disabled by default and are removed in PHP6.

Try tizag.com for some simple tutorials or go to php.net and see the user posted examples and read the documentation. Should help you get a better grasp of the language.

Link to comment
Share on other sites

Where did it say he used PHP 3?

Link to comment
Share on other sites

Wow, harshness.

I don't know, I didn't actively seek out old versions of PHP. What I wrote there took me under an hour from absolutely nothing but a syntax guideline + trial and error. It's since changed now and has a database, sanitation, input validation and stuff, which took about an extra three hours. Probably an hour of that was learning mysql, because I didn't know anything about it.

Relax dood, I'm not a seasoned PHP vet...,

Link to comment
Share on other sites

@digip, read all of my post before replying ;)

I say this because the errors you're receiving are PHP3 style and I'm assuming you don't have a custom error handler.

Yeah, but I think those errors can happen in later versions up to 5.x.

http://www.google.com/search?hl=en&q=%...G=Google+Search

Wasn't the error because he was posting it to a database upon entering the page before the data that was checked for valid input from the form? Or am I wrong. I'm no expert and don't claim to be, and I did read ALL of your post. Just wondering where php3 comes into it?

Link to comment
Share on other sites
