Slack-Moehrle wrote on 22/02/2010 21:39:
I have Forms that I submit for processing. I have seen examples of people using
either $_POST or $_REQUEST.
When would I choose one over the other?
$_REQUEST['test'] is true on both $_GET['test'] and $_POST['test']
I use it from time to time if I have a edit link followed by a form
posting (where I use method=post), if I decide to have all editing in
one statement, IE:
// make the form here
// get posting from the form
Also, I see examples of these being used with and without the single quotes
Single quotes is best, correct to prevent sql injection?
Best practice is with '', if you have E_NOTICE on you'll get notices if
you use $_POST[test] instead of $_POST['test']
It has nothing to do with SQL injection here. But when dealing with SQL
statements it's best practice to use '', for instance if you are about
to insert and a number at some point could be inserted as part of the
statement: "price = 250" will do fine, but if price ain't entered "price
= " will cause an error, while "price = ''" will not make the sql insert
Regarding SQL injection, run all inputs through the function
Kim Emax - masterminds.dk
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php