What I actually do is I retrieve the POST array and then extract the variables at the beginning of my script.
That's also why I forgot to add the quotes because I initialize my variable at the beginning, and I'm dealing with $cloningView directly.
I just added it manually to make it clear that it was coming from the form.

Why do you think that checking the value ($cloningView=="View") is better?
I just put something for it to be true but never paid attention to the exact string. I don't see the difference, if that POST variable exists it comes from my posted form so had that value. I just want my user to display something else when clicking on a button, so I don't care about the value itself.
I suppose it's a security thing but I don't see it?


From: anirudh dutt <[EMAIL PROTECTED]>
Reply-To: anirudh dutt <[EMAIL PROTECTED]>
To: Ron Piggott <[EMAIL PROTECTED]>
CC: PHP DB <php-db@lists.php.net>
Subject: Re: [PHP-DB] onClick
Date: Tue, 1 Mar 2005 17:49:23 +0530

On Mon, 28 Feb 2005 21:41:45 -0500, Ron Piggott
> Another question: Is there a way that I may set up an IF command with the
> onClick function so that my_web_page.php3 will not be displayed unless a web
> form was used to generate it? Ron

if ur page was generated by a non-form-submit (anything else), the
click wouldn't matter since ur page/form wasn't being used in the
first place. so any client side javascript validation u wanna use
won't even be called.

On Tue, 01 Mar 2005 09:37:09 +0000, mel list_php <[EMAIL PROTECTED]> wrote:
> I use a submit button with a name:
> <input type='submit' name='cloningView' value='View'>
> and then I can test on that name:
> if($_POST[cloningView])
> {
> ...display new web page ......
> }

(i think) he means
if(isset($_POST['cloningView'])) //add single/double quotes to avoid a warning.
if(isset($_POST['cloningView']) && $_POST['cloningView']) == 'View')
depending on paranoia level, not that it'll help but i bet it makes u
feel better ;-)

but that can be faked quite easily. just make sure u check all GPC
variables before using them. at the minimum, check if they exist.

Anirudh Dutt

...pilot of the storm who leaves no trace like thoughts inside a dream

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

_________________________________________________________________ Express yourself with cool new emoticons http://www.msn.co.uk/specials/myemo

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to