> This is out of the Apache log:
> GET /subapp_profiles/act_upload_image.php HTTP/1.1" 200 160
> POST /subapp_profiles/act_upload_image.php HTTP/1.1" 302 5
> I do not have a clue where this GET request could come from. This has
> an empty SQL statement and therefore a db error. How could this be
> achieved? By clicking back in the browser window? I don't think so since
> the same user was on another site before.

The GET is coming from the person on the browser requesting the page,
either via a link or by directly typing it in.  That's how HTTP works,
right?  Almost all web requests are GETs.  When a person clicks on a link on
www.mysite.com whose href="/subapp_profiles/act_upload_image.php", the
browser will send (at least) the following to the server:

GET /subapp_profiles/act_upload_image.php HTTP/1.1\r\n
Accept: */*\r\n
User-Agent: Mozilla (blah; blah)\r\n
Host: www.mysite.com\r\n
Connection: Keep-Alive\r\n

The web server on the other end will then fulfill that request if it can.
The 200 on the end of your log entry for the GET indicates success.

So what happens is:
1. Browser requests the form act_upload_image.php via GET.
2. Web server sends the data.
3. Browser displays the form.
4. Person clicks submit on your act_upload_image.php, which has a method of
POST, and the server gets the posted data.

The solution is to check $_SERVER['REQUEST_METHOD'] and only process the
form if the method is POST.

PHP General Mailing List (http://www.php.net/)
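
The check suggested in the reply above, as an added example that is not part of the original message or the poster's code. The function name, the `profile_images` table, the `image` field, the redirect target and the in-memory SQLite database (requires the pdo_sqlite extension) are assumptions made so the script runs on its own.

```php
<?php
// Added example: hypothetical core of act_upload_image.php.
// Returns [status, headers, body] so the logic can be exercised offline;
// a real script would pass these to http_response_code() and header().

function handle_upload(array $server, array $files, PDO $db): array
{
    // Only POST carries the form data. A followed link, a typed URL or a
    // crawler arrives as GET and must never reach the SQL code.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [405, ['Allow' => 'POST'], 'Method Not Allowed'];
    }

    // A POST can still arrive without the expected file field.
    $img = $files['image'] ?? null;
    if ($img === null || ($img['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return [400, [], 'No image uploaded'];
    }

    // Build the statement only once the input is known to exist, and bind
    // the value instead of concatenating it into the SQL string.
    $stmt = $db->prepare('INSERT INTO profile_images (filename) VALUES (?)');
    $stmt->execute([basename($img['name'])]);

    // Redirect after a successful POST (the log shows a 302 for the POST).
    return [302, ['Location' => '/subapp_profiles/'], ''];
}

// Constructed demo input; the in-memory database stands in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profile_images (filename TEXT NOT NULL)');

$get  = handle_upload(['REQUEST_METHOD' => 'GET'], [], $db);
$post = handle_upload(
    ['REQUEST_METHOD' => 'POST'],
    ['image' => ['name' => 'me.png', 'error' => UPLOAD_ERR_OK]],
    $db
);

printf("GET  -> %d\n", $get[0]);
printf("POST -> %d\n", $post[0]);
printf("rows -> %d\n", $db->query('SELECT COUNT(*) FROM profile_images')->fetchColumn());
```

Answering the stray GET with 405 and an `Allow: POST` header also makes such requests easy to tell apart from real failures in the Apache log.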