mirror of
https://github.com/sigmasternchen/php-doc-en
synced 2025-03-16 00:48:54 +00:00
Rewritten to focus on currently supported methods of accessing user input
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@333549 c90b9560-bf6c-de11-be94-00142212c4b1
This commit is contained in:
Maciej Sobaczewski
parent
0aa774414a
commit
9ec7249d57
1 changed files with 82 additions and 51 deletions
|
|
@ -813,8 +813,8 @@ I am B.
|
|||
|
||||
<simpara>
|
||||
When a form is submitted to a PHP script, the information from
|
||||
that form is automatically made available to the script. There
|
||||
are many ways to access this information, for example:
|
||||
that form is automatically made available to the script. There
|
||||
are few ways to access this information, for example:
|
||||
</simpara>
|
||||
|
||||
<para>
|
||||
|
|
@ -833,58 +833,59 @@ I am B.
|
|||
</para>
|
||||
|
||||
<para>
|
||||
Depending on your particular setup and personal preferences, there
|
||||
are many ways to access data from your HTML forms. Some examples are:
|
||||
As of PHP 5.4.0, there are only two ways to access data from your HTML forms.
|
||||
Currently availiable methods are listed below:
|
||||
</para>
|
||||
|
||||
<!-- FIXME PHP_6 register_long_arrays removal alert -->
|
||||
<para>
|
||||
<example>
|
||||
<title>Accessing data from a simple POST HTML form</title>
|
||||
<programlisting role="php">
|
||||
<![CDATA[
|
||||
<?php
|
||||
// Available since PHP 4.1.0
|
||||
<?php
|
||||
echo $_POST['username'];
|
||||
echo $_REQUEST['username'];
|
||||
?>
|
||||
]]>
|
||||
</programlisting>
|
||||
</example>
|
||||
</para>
|
||||
|
||||
echo $_POST['username'];
|
||||
echo $_REQUEST['username'];
|
||||
<para>
|
||||
There were some other ways of accessing user input in old PHP versions. There
|
||||
are listed below. See changelog at the bottom of the page for more details.
|
||||
<example>
|
||||
<title>Old methods of accessing user input</title>
|
||||
<programlisting role="php">
|
||||
<![CDATA[
|
||||
<?php
|
||||
// WATCH OUT: these methods ARE NOT supported anymore.
|
||||
// Valid ones were described above.
|
||||
|
||||
// Using import_request_variables() - this function has been removed in PHP 5.4.0
|
||||
import_request_variables('p', 'p_');
|
||||
echo $p_username;
|
||||
|
||||
// As of PHP 5.0.0, these long predefined variables can be
|
||||
// disabled with the register_long_arrays directive.
|
||||
|
||||
// These long predefined variables were removed in PHP 5.4.0
|
||||
echo $HTTP_POST_VARS['username'];
|
||||
|
||||
// Available if the PHP directive register_globals = on. As of
|
||||
// PHP 4.2.0 the default value of register_globals = off.
|
||||
// Using/relying on this method is not preferred.
|
||||
|
||||
// Using register_globals. This feature was removed in PHP 5.4.0
|
||||
echo $username;
|
||||
?>
|
||||
]]>
|
||||
</programlisting>
|
||||
</example>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Using a GET form is similar except you'll use the appropriate
|
||||
GET predefined variable instead. GET also applies to the
|
||||
<literal>QUERY_STRING</literal> (the information after the '?' in a URL). So,
|
||||
for example, <literal>http://www.example.com/test.php?id=3</literal>
|
||||
contains GET data which is accessible with <varname>$_GET['id']</varname>.
|
||||
See also <varname>$_REQUEST</varname> and
|
||||
<function>import_request_variables</function>.
|
||||
See also <varname>$_REQUEST</varname>.
|
||||
</para>
|
||||
|
||||
<note>
|
||||
<para>
|
||||
<link linkend="language.variables.superglobals">Superglobal arrays</link>,
|
||||
like <varname>$_POST</varname> and <varname>$_GET</varname>, became
|
||||
available in PHP 4.1.0
|
||||
</para>
|
||||
</note>
|
||||
|
||||
<note>
|
||||
<para>
|
||||
Dots and spaces in variable names are converted to underscores. For
|
||||
|
|
@ -893,27 +894,6 @@ I am B.
|
|||
</para>
|
||||
</note>
|
||||
|
||||
<para>
|
||||
As shown, before PHP 4.2.0 the default value for <link
|
||||
linkend="ini.register-globals">register_globals</link>
|
||||
was <emphasis>on</emphasis>. The PHP
|
||||
community is encouraging all to not rely on this directive
|
||||
as it's preferred to assume it's <emphasis>off</emphasis> and code
|
||||
accordingly.
|
||||
</para>
|
||||
|
||||
<note>
|
||||
<para>
|
||||
The <link linkend="ini.magic-quotes-gpc">magic_quotes_gpc</link>
|
||||
configuration directive affects Get, Post and Cookie values. If
|
||||
turned on, value (It's "PHP!") will automagically become (It\'s \"PHP!\").
|
||||
It was deemed that this was needed for escaping for DB insertion circa a
|
||||
decade ago and is a legacy feature now that should be disabled. See also
|
||||
<function>addslashes</function>, <function>stripslashes</function> and
|
||||
<link linkend="ini.magic-quotes-sybase">magic_quotes_sybase</link>.
|
||||
</para>
|
||||
</note>
|
||||
|
||||
<simpara>
|
||||
PHP also understands arrays in the context of form variables
|
||||
(see the <link linkend="faq.html">related faq</link>). You may,
|
||||
|
|
@ -994,9 +974,8 @@ if ($_POST) {
|
|||
any output is sent to the browser. This is the same restriction
|
||||
as for the <function>header</function> function. Cookie data
|
||||
is then available in the appropriate cookie data arrays, such
|
||||
as <varname>$_COOKIE</varname>, <varname>$HTTP_COOKIE_VARS</varname>
|
||||
as well as in <varname>$_REQUEST</varname>. See the
|
||||
<function>setcookie</function> manual page for more details and
|
||||
as <varname>$_COOKIE</varname> as well as in <varname>$_REQUEST</varname>.
|
||||
See the <function>setcookie</function> manual page for more details and
|
||||
examples.
|
||||
</simpara>
|
||||
|
||||
|
|
@ -1095,8 +1074,60 @@ $varname.ext; /* invalid variable name */
|
|||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2 xml:id="language.variables.external.changelog">
|
||||
<title>Changelog</title>
|
||||
|
||||
<para>
|
||||
<informaltable>
|
||||
<tgroup cols="2">
|
||||
<thead>
|
||||
<row>
|
||||
<entry>&Version;</entry>
|
||||
<entry>&Description;</entry>
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>5.4.0</entry>
|
||||
<entry>
|
||||
<link linkend="security.globals">Register Globals</link>,
|
||||
<link linkend="security.magicquotes">Magic Quotes</link> and
|
||||
<link linkend="ini.register-long-arrays">register_long_arrays</link>
|
||||
has been removed
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>5.3.0</entry>
|
||||
<entry>
|
||||
<link linkend="security.globals">Register Globals</link>,
|
||||
<link linkend="security.magicquotes">Magic Quotes</link> and
|
||||
<link linkend="ini.register-long-arrays">register_long_arrays</link>
|
||||
became deprecated
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>4.2.0</entry>
|
||||
<entry>
|
||||
<link linkend="ini.register-globals">register_globals</link>
|
||||
directive defaults to <emphasis>off</emphasis>.
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>4.1.0</entry>
|
||||
<entry>
|
||||
<link linkend="language.variables.superglobals">Superglobal arrays</link>,
|
||||
like <varname>$_POST</varname> and <varname>$_GET</varname> became
|
||||
available
|
||||
</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</informaltable>
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
</sect1>
|
||||
|
||||
|
||||
</chapter>
|
||||
|
||||
<!-- Keep this comment at the end of the file
|
||||
|
|
|
|||
Loading…
Reference in a new issue