?
Solved

$_GET["action"] or $_POST["action"]?????

Posted on 2003-03-21
4
Medium Priority
?
492 Views
Last Modified: 2013-12-13
I am using $_GET["action"] and $_POST["action"] in my code. When i run this code on linux(my site web server) there is no error. But when I run the same code on my local machine Windows 2000 Server it gives the error
"Notice: Undefined index: action in E:\Work\admin\index.php on line 4"
And when i use
http://localhost/admin/index.php?action=add
then there is no error.
What is this and how can i avoid this?
WASIF


0
Comment
Question by:Muhammad Wasif
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 2

Expert Comment

by:bobsledbob
ID: 8185704

You probably need to wrap your statements in isset().  For instance,

if (isset($_GET["action"]))
  echo $_GET["action"];

This is good coding practise and will prevent the errors you're seeing.  Without your actual code, I can't help you much more than this.

0
 
LVL 20

Author Comment

by:Muhammad Wasif
ID: 8185786
<?php
include("connect.php");

if ($_GET["REQ"] == "auth")
{
     session_start();

     if (!isset($_SESSION["adm_ident"])){
     
          session_register("admin_login");
          session_register("admin_pass");
         
          $_SESSION["admin_login"] = $_POST["login"];
          $_SESSION["admin_pass"] = $_POST["pass"];
     }
 
      // Selecting admin's login&password from db
     $r=mysql_query("select * from $tb_admins where Login='$_SESSION[admin_login]'") or die ("mySQL error!");
     $f=mysql_fetch_array($r);
     //mysql_free_result($r);

     // If login and password are correct ...
     if (($f["Login"] == $_SESSION["admin_login"]) and ($f["Password"] == $_SESSION["admin_pass"]) and (mysql_numrows($r) == '1'))
     {
          //do something
          exit();
     }
     @mysql_close();
     session_start();session_unset(); session_destroy();
}
?>
<html>
     <head>
          <title>Admin</title>
     </head>
<body>
<br><br>
<center>
<table cellpadding=1 cellspacing=1 border=0 align="center">
     <form name=login action=index.php?REQ=auth method=post>
     <tr><td><font face=verdana size=1 color=000000>Login:</font></td><td><input type=text name=login size=50 maxlength=100 style="COLOR: 000000; FONT-SIZE: 11px"></td></tr>
     <tr><td><font face=verdana size=1 color=000000>Password:</font></td><td><input type=password name=pass size=50 maxlength=100 style="COLOR: 000000; FONT-SIZE: 11px"></td></tr>
     <tr><td align=center colspan="2"><input type=hidden name=first value="testyes"><input type=submit value="Enter" name="inbut"></td></tr>
     </form></tr>
</table>
</center>
</body>
</html>
0
 
LVL 2

Accepted Solution

by:
bobsledbob earned 80 total points
ID: 8187253

I don't see where you're specifically using $_GET["action"] or $_POST["action"] as you've described in your original question.  Are you just generically describing your use of $_GET and $_POST throughout your code?


I'm thinking for instance that this line will give you trouble:

if ($_GET["REQ"] == "auth")


In general, you should either initialize variables you are going to use (before doing comparisons on them), or at least be sure to wrap them in isset()

if (isset($_GET["REQ"]) && $_GET["REQ"] == "auth")


Here's a couple of more lines that might get you in trouble:

$_SESSION["admin_login"] = $_POST["login"];
$_SESSION["admin_pass"] = $_POST["pass"];

Don't you think you should probably at least validate these a little, to be sure they're in appropriate form?

ie.

if (! isset($_POST["login"]) || strlen($_POST["login"]) < 3)
  die ("You must supply a valid login name.");
if (! isset($_POST["login"]) || strlen($_POST["pass"]) < 8)
  die ("Invalid password.");

The point is twofold:

1)  Don't trust input from users.
2)  Always check to make sure that input you're expecting has actually been provided.


0
 
LVL 20

Author Comment

by:Muhammad Wasif
ID: 8195348
Thanx bob

WASIF
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question