Hi Slack-Moehrle

Slack-Moehrle wrote on 22/02/2010 21:39:
Hi All,

I have Forms that I submit for processing. I have seen examples of people using 
either $_POST or $_REQUEST.

When would I choose one over the other?

$_REQUEST['test'] is true on both $_GET['test'] and $_POST['test']

I use it from time to time if I have a edit link followed by a form posting (where I use method=post), if I decide to have all editing in one statement, IE:

if($_REQUEST['test']) {
  if($_GET['test']) {
    // make the form here
  elseif($_POST['test']) {
  // get posting from the form

Also, I see examples of these being used with and without the single quotes



Single quotes is best, correct to prevent sql injection?

Best practice is with '', if you have E_NOTICE on you'll get notices if you use $_POST[test] instead of $_POST['test']

It has nothing to do with SQL injection here. But when dealing with SQL statements it's best practice to use '', for instance if you are about to insert and a number at some point could be inserted as part of the statement: "price = 250" will do fine, but if price ain't entered "price = " will cause an error, while "price = ''" will not make the sql insert fail.

Regarding SQL injection, run all inputs through the function mysql_real_escape_string()

Kind regards
Kim Emax - masterminds.dk

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to