Posted form data

just a few questions

         

sdave

8:29 am on Apr 6, 2004 (gmt 0)

10+ Year Member



Ok, I have a form, say index.html, and the action of that form is register.php. Here's the code:

index.html
<form method="POST" action="register.php">
<p>MAC Address: <input type="text" name="mac" size="20"></p>
<p><input type="submit" value="Submit" name="submit"><input type="reset" value="Reset" name="reset"></p>
</form>

register.php
<?php
$writemac = "eth1 " . $mac . "\n";
$filepointer = fopen('/mac/user.mac','a');
fwrite($filepointer,$writemac);
fclose($filepointer);

exec('sudo iptables -I eth1_mac -m mac --mac-source ' . $mac . ' -j RETURN');

$host = "localhost";
$user = "root";
$pass = "*******";
$dbname = "oakusers";

$connection = mysql_connect($host,$user,$pass) or die (mysql_errno().": ".mysql_error()."<BR>");
mysql_select_db($dbname);
$sql = "INSERT INTO macs VALUES ('" . $_POST['mac'] . "')";
mysql_query($sql);

echo "Thanks for registering MAC Address: $mac";
?>

Okay, how come I can print the inputted MAC to the screen, add it to the text file and call the execution command with just $mac instead of having to use $_POST['mac'] like I had to in the MySQL INSERT? When is it required to use $_POST or $_GET? I'm kind of confused about when and why we need to use them, since that script works fine when echoing $mac, and storing it in a text file works perfectly as well. Thanks.

Dave

barn_de

9:12 am on Apr 6, 2004 (gmt 0)

10+ Year Member



Hi sdave,

I think you have turned on "register_globals" in your php.ini. I think this is the reason why you can access $mac directly.

About POST and GET: I would always use GET if you have only 1 - 5 short variables in a form, and for search forms, because they get shown in the URL after you submit the form.

So for example register.php?mac=1234556767

The big advantage of GET is that you can easily use the back button. If you use POST, you can't access the result page if you went a step further.

e.g.

1. register form (POST)
2. register confirmation page
3. click on HP
4. back button from hp to register confirmation will break with "page expired"

There is a workaround for that problem. I can send you the explanation for this one if you need it.

If you submit a large amount of text I would recommend POST, so the variables don't get shown in the URL.

barn

sdave

5:31 pm on Apr 6, 2004 (gmt 0)

10+ Year Member



I have many variables that will be submitted. That was only one of them for now. I don't need to worry about the back button stuff unless there is an easy way to work around it. Why do I have to use $_POST[] to place the information in MySQL but not for anything else? Shouldn't everything work without the $_POST or $_GET? Where is the php.ini located on a Linux server so I can check the config? Thanks.

sdave

8:57 pm on Apr 6, 2004 (gmt 0)

10+ Year Member



Okay, never mind, I can use it just as "INSERT INTO macs VALUES ('$mac')". I do have register_globals = on. I read this might be a problem. Mandrake has this set to on by default for some reason. It says it is required for some scripts. Should I change it to off? Will it make anything stop working? This script that I posted is the only PHP script I use at the moment, so it won't affect any scripts I wrote. Thanks.

This is what Mandrake says:
; You should do your best to write your scripts so that they do not require
; register_globals to be on; Using form variables as globals can easily lead
; to possible security problems, if the code is not very well thought of.
; ### MDK: This is set to On in Mandrake because a lot of existing scripts
; ### MDK: needs it to be on, and we don't want to break configuration.
; ### MDK: Turning it on is a Bad Thing (tm), but for the sake of
; ### MDK: compatibility and less technical support, we'll close our eyes ;-)
register_globals = On

So what scripts is it talking about?
Dave

barn_de

9:43 am on Apr 7, 2004 (gmt 0)

10+ Year Member



It would affect scripts you wrote. As you use $mac instead of $_POST['mac'], it will affect this script.

If you use $_REQUEST, $_POST or $_GET, for example, in all your scripts, it shouldn't affect your scripts.

barn
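
Added example, not part of any post in this thread: one way to write register.php so it keeps working with register_globals = Off, reading `mac` only from `$_POST` and checking that it is a MAC address before it reaches the text file, the iptables command and the query. It assumes PHP 7+ with the mysqli extension (the thread's script uses the older mysql_* functions), and the `valid_mac()` helper and the database credentials are placeholders introduced here.

```php
<?php
// Added example (not from the thread): register.php that does not depend on register_globals.
// Assumptions: PHP 7+ with mysqli; the DB user and password below are placeholders.

// Accept only six colon-separated hex octets, e.g. 00:11:22:aa:bb:cc.
function valid_mac($value)
{
    return is_string($value)
        && preg_match('/\A(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\z/', $value) === 1;
}

// Read the field from $_POST explicitly; nothing else may define $mac.
$raw = $_POST['mac'] ?? '';
$mac = is_string($raw) ? trim($raw) : '';

if (!valid_mac($mac)) {
    http_response_code(400);
    exit('Invalid MAC address.');
}

// Append to the list file; LOCK_EX keeps concurrent requests from interleaving lines.
if (file_put_contents('/mac/user.mac', "eth1 $mac\n", FILE_APPEND | LOCK_EX) === false) {
    http_response_code(500);
    exit('Could not record the MAC address.');
}

// $mac already matched the pattern; escapeshellarg() is a second layer of defence.
$cmd = 'sudo iptables -I eth1_mac -m mac --mac-source ' . escapeshellarg($mac) . ' -j RETURN';
exec($cmd, $output, $status);
if ($status !== 0) {
    http_response_code(500);
    exit('Could not add the firewall rule.');
}

// Prepared statement: the value is bound as data, never concatenated into SQL.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', 'oakusers');
$stmt = $db->prepare('INSERT INTO macs VALUES (?)');
$stmt->bind_param('s', $mac);
$stmt->execute();

// Encode on output so the page only ever echoes text.
echo 'Thanks for registering MAC Address: ' . htmlspecialchars($mac, ENT_QUOTES, 'UTF-8');
```

Because the value is rejected unless it matches the MAC pattern, the same checked string is what gets written, passed to iptables, stored and echoed.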