> This is out of the Apache log: > > GET /subapp_profiles/act_upload_image.php HTTP/1.1" 200 160 > POST /subapp_profiles/act_upload_image.php HTTP/1.1" 302 5 > > I do not have a clue where this GET request could come from. This has caused > a empty sql statement and therefore a db error. How can could this be > achieved? By clicking back in the browser window? I dont think so since the > same user was on another site before.
The GET is coming from the person on the browser is requesting the page the either via a link or directly typing it in. That's how the HTTP works, right? Almost all web requests are GETs. When a person clicks on a link on www.mysite.com whose href="/subapp_profiles/act_upload_image.php", the browser will send (at least) the following to the server: GET /subapp_profiles/act_upload_image.php HTTP/1.1\r\n Accept: */*\r\n User-Agent: Mozilla (blah; blah)\r\n Host: www.mysite.com\r\n Connection: Keep-Alive\r\n \r\n The web server on the other end will then fulfill that reques if it can. The 200 on the end of your log entry for the GET indicates success. So what happens is: 1. browser requests the formact_upload_image.php via GET. 2. Web server sends the data. 3. Browser Displays the form 4. person clicks submit on your act_upload_image.php which has a method of POST and server gets the posted data. The solution is to check $_SERVER['REQUEST_METHOD'] and only process the form if the method is POST. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php