$_GET["action"] or $_POST["action"]?????

Posted on 2003-03-21
Last Modified: 2013-12-13
I am using $_GET["action"] and $_POST["action"] in my code. When I run this code on Linux (my site web server) there is no error. But when I run the same code on my local machine Windows 2000 Server it gives the error
"Notice: Undefined index: action in E:\Work\admin\index.php on line 4"
And when I use
http://localhost/admin/index.php?action=add
then there is no error.
What is this and how can I avoid this?
WASIF


Question by:Muhammad Wasif

Expert Comment

by:bobsledbob
ID: 8185704

You probably need to wrap your statements in isset().  For instance,

if (isset($_GET["action"]))
  echo $_GET["action"];

This is good coding practice and will prevent the errors you're seeing.  Without your actual code, I can't help you much more than this.


Author Comment

by:Muhammad Wasif
ID: 8185786
<?php
include("connect.php");

if ($_GET["REQ"] == "auth")
{
     session_start();

     if (!isset($_SESSION["adm_ident"])){
     
          session_register("admin_login");
          session_register("admin_pass");
         
          $_SESSION["admin_login"] = $_POST["login"];
          $_SESSION["admin_pass"] = $_POST["pass"];
     }
 
      // Selecting admin's login&password from db
     $r=mysql_query("select * from $tb_admins where Login='$_SESSION[admin_login]'") or die ("mySQL error!");
     $f=mysql_fetch_array($r);
     //mysql_free_result($r);

     // If login and password are correct ...
     if (($f["Login"] == $_SESSION["admin_login"]) and ($f["Password"] == $_SESSION["admin_pass"]) and (mysql_numrows($r) == '1'))
     {
          //do something
          exit();
     }
     @mysql_close();
     session_start();session_unset(); session_destroy();
}
?>
<html>
     <head>
          <title>Admin</title>
     </head>
<body>
<br><br>
<center>
<table cellpadding=1 cellspacing=1 border=0 align="center">
     <form name=login action=index.php?REQ=auth method=post>
     <tr><td><font face=verdana size=1 color=000000>Login:</font></td><td><input type=text name=login size=50 maxlength=100 style="COLOR: 000000; FONT-SIZE: 11px"></td></tr>
     <tr><td><font face=verdana size=1 color=000000>Password:</font></td><td><input type=password name=pass size=50 maxlength=100 style="COLOR: 000000; FONT-SIZE: 11px"></td></tr>
     <tr><td align=center colspan="2"><input type=hidden name=first value="testyes"><input type=submit value="Enter" name="inbut"></td></tr>
     </form></tr>
</table>
</center>
</body>
</html>

Accepted Solution

by:
bobsledbob earned 80 total points
ID: 8187253

I don't see where you're specifically using $_GET["action"] or $_POST["action"] as you've described in your original question.  Are you just generically describing your use of $_GET and $_POST throughout your code?


I'm thinking for instance that this line will give you trouble:

if ($_GET["REQ"] == "auth")


In general, you should either initialize variables you are going to use (before doing comparisons on them), or at least be sure to wrap them in isset():

if (isset($_GET["REQ"]) && $_GET["REQ"] == "auth")


Here are a couple more lines that might get you in trouble:

$_SESSION["admin_login"] = $_POST["login"];
$_SESSION["admin_pass"] = $_POST["pass"];

Don't you think you should probably at least validate these a little, to be sure they're in appropriate form?

i.e.

if (! isset($_POST["login"]) || strlen($_POST["login"]) < 3)
  die ("You must supply a valid login name.");
if (! isset($_POST["pass"]) || strlen($_POST["pass"]) < 8)
  die ("Invalid password.");

The point is twofold:

1)  Don't trust input from users.
2)  Always check to make sure that input you're expecting has actually been provided.


0
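The two checks the accepted answer describes (the value was actually supplied, and it has an acceptable form), collected into small helpers. This is an added example, not code from the thread: the function names, the allow-list of actions and the sample arrays are assumptions, while the minimum lengths are the ones used in the answer.

```php
<?php
// Added example, not from the thread. Function names and the allow-list are
// hypothetical; the length limits (3 and 8) are taken from the answer above.

// Return a request value only if it is present and is a string, else null.
// Testing with isset() first avoids "Notice: Undefined index" for absent keys.
function request_string(array $source, string $key): ?string
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null; // key missing, or an array such as ?action[]=x
    }
    return $source[$key];
}

// Accept only actions the script actually implements; fall back otherwise.
function resolve_action(array $get, array $allowed, string $default): string
{
    $action = request_string($get, 'action');
    return in_array($action, $allowed, true) ? $action : $default;
}

// Check that both credentials were supplied and have a plausible form.
function credential_errors(array $post): array
{
    $errors = [];
    $login = request_string($post, 'login');
    $pass  = request_string($post, 'pass');
    if ($login === null || strlen($login) < 3) {
        $errors[] = 'You must supply a valid login name.';
    }
    if ($pass === null || strlen($pass) < 8) {
        $errors[] = 'Invalid password.';
    }
    return $errors;
}

// Constructed sample requests standing in for $_GET and $_POST.
$allowed = ['list', 'add', 'edit'];
var_dump(resolve_action([], $allowed, 'list'));                   // no ?action= in the URL
var_dump(resolve_action(['action' => 'add'], $allowed, 'list'));  // expected value
var_dump(resolve_action(['action' => ['x']], $allowed, 'list'));  // array instead of string
var_dump(credential_errors(['login' => 'wasif']));                // password field missing
var_dump(credential_errors(['login' => 'wasif', 'pass' => 'long-enough-pw']));
```

Whether the undefined-index notice is displayed at all depends on the server's error_reporting and display_errors settings, so the same unchecked code can be silent on one machine and noisy on another.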
 

Author Comment

by:Muhammad Wasif
ID: 8195348
Thanks, bob

WASIF