Hi Slack-Moehrle

Slack-Moehrle wrote on 22/02/2010 21:39:
> Hi All,
>
> I have Forms that I submit for processing. I have seen examples of people using
> either $_POST or $_REQUEST.
>
> When would I choose one over the other?

$_REQUEST['test'] is true on both $_GET['test'] and $_POST['test']

I use it from time to time if I have an edit link followed by a form posting (where I use method=post), if I decide to have all editing in one statement, i.e.:

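// !empty() tests the value without raising an E_NOTICE when the key is absent
if (!empty($_REQUEST['test'])) {
  if (!empty($_GET['test'])) {
    // arrived via the edit link: make the form here
  }
  elseif (!empty($_POST['test'])) {
    // arrived via the form (method=post): get posting from the form
  }
}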

> Also, I see examples of these being used with and without the single quotes
>
> Like:
>
> $_POST[j_orderValue]
> or
> $_POST['j_orderValue']
>
> Single quotes are best, correct, to prevent SQL injection?

Best practice is with ''; if you have E_NOTICE on, you'll get notices if you use $_POST[test] instead of $_POST['test'].

It has nothing to do with SQL injection here. But when dealing with SQL statements it's best practice to use '', for instance if you are about to insert and a number at some point could be inserted as part of the statement: "price = 250" will do fine, but if price ain't entered, "price = " will cause an error, while "price = ''" will not make the SQL insert fail.

Regarding SQL injection, run all inputs through the function mysql_real_escape_string()

--
Kind regards
Kim Emax - masterminds.dk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
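
The insert discussed in the reply above, written with PDO placeholders instead of string building; this is an added example, not code from the original thread. The mysql_real_escape_string() function named in the reply belongs to the mysql extension, which was removed in PHP 7.0, and escaping alone does not protect a value that is concatenated without quotes. The `orders` table, its columns, the `save_order()` helper and the in-memory SQLite database (requires pdo_sqlite) are assumptions made for illustration.

```php
<?php
// Added example: table, column and function names are hypothetical.
// Uses an in-memory SQLite database so it runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, item TEXT NOT NULL, price INTEGER)');

/**
 * Insert one order from a form submission.
 * $form is the request body array ($_POST in a real handler), not $_REQUEST,
 * so GET parameters and cookies cannot supply the values.
 */
function save_order(PDO $db, array $form): int
{
    $item = isset($form['item']) && is_string($form['item']) ? trim($form['item']) : '';
    if ($item === '') {
        throw new InvalidArgumentException('item is required');
    }

    // A missing or empty price is stored as NULL, not as the string ''.
    $price = null;
    if (isset($form['price']) && $form['price'] !== '') {
        $price = filter_var($form['price'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($price === false) {
            throw new InvalidArgumentException('price must be a non-negative integer');
        }
    }

    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO orders (item, price) VALUES (:item, :price)');
    $stmt->bindValue(':item', $item, PDO::PARAM_STR);
    $stmt->bindValue(':price', $price, $price === null ? PDO::PARAM_NULL : PDO::PARAM_INT);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Constructed sample submissions.
$samples = [
    ['item' => "O'Brien's kettle", 'price' => '250'],        // quote is stored as data
    ['item' => 'No price given',   'price' => ''],           // stored as NULL
    ['item' => 'Bad price',        'price' => '250 OR 1=1'], // rejected by validation
];
foreach ($samples as $form) {
    try {
        echo 'saved id ', save_order($db, $form), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```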
