> I send hidden variables from a form to a php. In the php
 > I have the following code to convert the global vars sent:
 >     If  (isset($_GET['foo']))
 >         $foo = $_GET['foo']
 >     else
 >         $foo = 0;
 > But this only works using the "GET" method!

If you're sending the variable using "POST" then use $_POST['foo']

You should consider the source of your information to help avoid
malicious code injection too.  If you _know_ that you've passed a
variable using GET then don't accept the same variable as POST and vice
versa.  You should probably also do some sanity checking on the data
that is passed to ensure that it's what you're expecting.  For example,
if you're passing a number then make sure you've actually got a number
instead of some malicious code that some net-nasty decided to feed to
your php script.

CYA, Dave

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to