> I send hidden variables from a form to a php. In the php > I have the following code to convert the global vars sent: > > If (isset($_GET['foo'])) > $foo = $_GET['foo'] > else > $foo = 0; > > But this only works using the "GET" method!
If you're sending the variable using "POST" then use $_POST['foo'] instead. You should consider the source of your information to help avoid malicious code injection too. If you _know_ that you've passed a variable using GET then don't accept the same variable as POST and vice versa. You should probably also do some sanity checking on the data that is passed to ensure that it's what you're expecting. For example, if you're passing a number then make sure you've actually got a number instead of some malicious code that some net-nasty decided to feed to your php script. CYA, Dave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php