Sending Variables using GET

[jrzayev]

Hi, i am new in PHP. i have downloaded a video tutorial and begin learning. But i have a trouble in understanding some simple problems :)
So the Code is below:

Code: Select all

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Sending Variables</title>
    </head>
    <body>
        <?php
       
        echo $a;
                     
        ?>
    </body>
</html>


The tutor says that, if you write like this in address bar :

Code: Select all

http://localhost/PhpProject2/test.php?a=77


The output must be "77".

But at in my own the output is:



The question is: "What is going on?" :) Thanks :)

i am using XAMPP Server 1.7.4, Netbeans IDE 7.0, and Firefox 5.0

[jrzayev]

echo $_GET['a'];


Thorsten

Wow what a quick reply :)
Thank you very much. it really helped !
:)

[crazymerlin]

Just a quick tip to add here: If you are passing multiple variables via the url, you can parse them into variables quickly by using the parse_url function.

Let's say your URL is:

Code: Select all

http://mydomain.com/index.php?action=new&id=47&user=9

If you then say:

Code: Select all

parse_url($_SERVER['QUERY_STRING']);

You then end up with 3 variables:

Code: Select all

$action, $id and $user

Hope you find that useful.

[jrzayev]

Thanks for a helpful comment :) Yeah it is useful :)

[crazymerlin]

THINK OF SECURITY !

Thorsten

Quite! Using $_GET should never be a serious solution if you could expose anything that a hacker could use to gain access to a page they should not be able to gain access to.
Checkout ACL and AUTH if you want to create something that has public user access.

[sidbray]

I always try to make the data from user input secure by either using htmlspecialchars ( for output on screen ) or mysql_real_escape_string ( for database input ).
It's easy but vital.

[mkherlakian_zend]

I'd also like to add one more thing to the very good points and answers made above. It would seem that the tutorial you are using expects a php directive called 'register_globals' http://php.net/manual/en/security.globals.php to be on, which was the norm for php 4, but started being discouraged for php 5.0-5-2, deprecated in 5.3 and removed in the upcoming 5.4. Point being that you might be using an older tutorial, and might want to look for something newer...
Register globals takes parameters passed in GET, POST and makes them available as php variables in the global scope, so the behaviour you describe would actually work.

[ocb12]

I agreee. mysql_real_escape_string() should be used whenever something is updated / saved / read in mysql. People usually forget this.