Yes, but you really must realize how utterly easy it is to POST bogus variables to a form (Save the page as HTML, edit, load in browser, submit -- bingo). If you're using the assumption "these vars were POSTed, so they're safe", you're begging for trouble.
--- Scott Hurring Systems Programmer EAC Corporation [EMAIL PROTECTED] Voice: 201-462-2149 Fax: 201-288-1515 > -----Original Message----- > From: 1LT John W. Holmes [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, June 05, 2002 4:30 PM > To: Joe Pemberton; php list > Subject: Re: [PHP] Finding out how a variable was registered > > > Use $HTTP_POST_VARS['var'] instead of $var and you will know > it comes from > post. Or $HTTP_GET_VARS['var'] if you want it from GET (the URL). > > Or use the superglobals like someone else mentioned if you > have the latest > PHP version. > > ---John Holmes... > > ----- Original Message ----- > From: "Joe Pemberton" <[EMAIL PROTECTED]> > To: "php list" <[EMAIL PROTECTED]> > Sent: Wednesday, June 05, 2002 2:45 PM > Subject: [PHP] Finding out how a variable was registered > > > Is there a function call to figure out how a variable was > registered? I am > writing a page that handles a form and I need to know whether or not a > variable was created using the GET or POST method (I don't > want the user to > be able to to 'foo.php?var=value' and mess with the results) > - - Joe > > [EMAIL PROTECTED] > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
