RE: [PHP] parsing variables through webpages

2002-10-07 Thread David Freeman


 > I send hidden variables from a form to a php. In the php
 > I have the following code to convert the global vars sent:
 > 
 > if (isset($_GET['foo']))
 > $foo = $_GET['foo'];
 > else
 > $foo = 0;
 > 
 > But this only works using the "GET" method!

If you're sending the variable using "POST" then use $_POST['foo']
instead.

You should consider the source of your information to help avoid
malicious code injection too.  If you _know_ that you've passed a
variable using GET then don't accept the same variable as POST and vice
versa.  You should probably also do some sanity checking on the data
that is passed to ensure that it's what you're expecting.  For example,
if you're passing a number then make sure you've actually got a number
instead of some malicious code that some net-nasty decided to feed to
your php script.

CYA, Dave




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] parsing variables through webpages

2002-10-07 Thread Marco Tabini

You can use $_POST in a similar fashion to retrieve values from forms
that have been posted with the POST method.

Also, you can use $_REQUEST to catch both at the same time. In this
case, you may have a problem if the same variable is passed through both
GET and POST, in that one will override the other depending on how your
php.ini is set up.


On Mon, 2002-10-07 at 12:19, Edgard Berendsen wrote:
> I send hidden variables from a form to a php. In the php
> I have the following code to convert the global vars sent:
> 
> if (isset($_GET['foo']))
> $foo = $_GET['foo'];
> else
> $foo = 0;
> 
> But this only works using the "GET" method!
> 
> Thanks for your answer.



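
An added example, not part of either post: it reads `foo` from one explicit source and checks that it is an integer in range, as the first reply advises, and uses a constructed request to show how a merged `$_REQUEST`-style array changes with ordering, as the second reply warns. The helper name `read_int_param`, the 0..1000 range and the sample arrays are assumptions for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Read an integer parameter from ONE explicit source array (e.g. $_POST).
 * Returns $default when the key is absent, null when it is present but
 * not an integer within [$min, $max]. (Hypothetical helper, not a PHP built-in.)
 */
function read_int_param(array $source, string $name, int $default, int $min, int $max): ?int
{
    if (!array_key_exists($name, $source)) {
        return $default;
    }
    $value = $source[$name];
    if (!is_string($value)) {
        // A request such as foo[]=1 arrives as an array, not a string.
        return null;
    }
    $int = filter_var($value, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $int === false ? null : $int;
}

// Constructed sample request: the form POSTs foo=42 while the URL also
// carries a foo value that is not a number.
$get  = ['foo' => '42; not a number'];
$post = ['foo' => '42'];

// A merged $_REQUEST-style view depends on the configured order
// (request_order, or variables_order on older PHP versions).
$request_gp = array_merge($get, $post);   // "GP": POST overrides GET
$request_pg = array_merge($post, $get);   // "PG": GET overrides POST
var_dump($request_gp['foo'] === $request_pg['foo']);   // same key, different winner

// Reading from the source the form actually uses removes that ambiguity,
// and validation rejects anything that is not a plain integer.
var_dump(read_int_param($post, 'foo', 0, 0, 1000));    // valid POST value
var_dump(read_int_param($get, 'foo', 0, 0, 1000));     // rejected GET value
var_dump(read_int_param([], 'foo', 0, 0, 1000));       // absent: default is used
```

In a real script the first argument would be `$_POST` or `$_GET` directly, and a `null` result should be treated as a rejected request rather than silently replaced with the default.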