From 9ec7249d5744ce41c6a3649b23d6fe524549adf7 Mon Sep 17 00:00:00 2001 From: Maciej Sobaczewski Date: Sat, 17 May 2014 05:08:40 +0000 Subject: [PATCH] Rewritten to focus on currently supported methods of accessing user input git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@333549 c90b9560-bf6c-de11-be94-00142212c4b1 --- language/variables.xml | 133 +++++++++++++++++++++++++---------------- 1 file changed, 82 insertions(+), 51 deletions(-) diff --git a/language/variables.xml b/language/variables.xml index 37c5a7f0f9..f205d5edcd 100644 --- a/language/variables.xml +++ b/language/variables.xml @@ -813,8 +813,8 @@ I am B. When a form is submitted to a PHP script, the information from - that form is automatically made available to the script. There - are many ways to access this information, for example: + that form is automatically made available to the script. There + are few ways to access this information, for example: @@ -833,58 +833,59 @@ I am B. - Depending on your particular setup and personal preferences, there - are many ways to access data from your HTML forms. Some examples are: + As of PHP 5.4.0, there are only two ways to access data from your HTML forms. + Currently availiable methods are listed below: - Accessing data from a simple POST HTML form +]]> + + + - echo $_POST['username']; - echo $_REQUEST['username']; + + There were some other ways of accessing user input in old PHP versions. There + are listed below. See changelog at the bottom of the page for more details. + + Old methods of accessing user input + + ]]> + Using a GET form is similar except you'll use the appropriate GET predefined variable instead. GET also applies to the QUERY_STRING (the information after the '?' in a URL). So, for example, http://www.example.com/test.php?id=3 contains GET data which is accessible with $_GET['id']. - See also $_REQUEST and - import_request_variables. + See also $_REQUEST. - - - Superglobal arrays, - like $_POST and $_GET, became - available in PHP 4.1.0 - - - Dots and spaces in variable names are converted to underscores. For @@ -893,27 +894,6 @@ I am B. - - As shown, before PHP 4.2.0 the default value for register_globals - was on. The PHP - community is encouraging all to not rely on this directive - as it's preferred to assume it's off and code - accordingly. - - - - - The magic_quotes_gpc - configuration directive affects Get, Post and Cookie values. If - turned on, value (It's "PHP!") will automagically become (It\'s \"PHP!\"). - It was deemed that this was needed for escaping for DB insertion circa a - decade ago and is a legacy feature now that should be disabled. See also - addslashes, stripslashes and - magic_quotes_sybase. - - - PHP also understands arrays in the context of form variables (see the related faq). You may, @@ -994,9 +974,8 @@ if ($_POST) { any output is sent to the browser. This is the same restriction as for the header function. Cookie data is then available in the appropriate cookie data arrays, such - as $_COOKIE, $HTTP_COOKIE_VARS - as well as in $_REQUEST. See the - setcookie manual page for more details and + as $_COOKIE as well as in $_REQUEST. + See the setcookie manual page for more details and examples. @@ -1095,8 +1074,60 @@ $varname.ext; /* invalid variable name */ + + Changelog + + + + + + + &Version; + &Description; + + + + + 5.4.0 + + Register Globals, + Magic Quotes and + register_long_arrays + has been removed + + + + 5.3.0 + + Register Globals, + Magic Quotes and + register_long_arrays + became deprecated + + + + 4.2.0 + + register_globals + directive defaults to off. + + + + 4.1.0 + + Superglobal arrays, + like $_POST and $_GET became + available + + + + + + + + - +