[solved]Wonder why people use $_POST[] ....


dreamline
Forum Contributor
Posts: 158
Joined: Fri May 28, 2004 2:37 am


Post by dreamline »

Hi guyz,
I just wonder why everyone is using $_POST['variable'] to get a variable through PHP instead of $variable after posting form data?

Is this last method a wrong way of getting your submitted form data?

Just wondering... :)
Last edited by dreamline on Sun Aug 07, 2005 5:12 am, edited 1 time in total.
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

dreamline
Forum Contributor
Posts: 158
Joined: Fri May 28, 2004 2:37 am

Post by dreamline »

Thanks for the enlightenment.. :D Guess I got some work to do.. LOL... :(
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Anytime.

And it'll be very much so worth the effort! :)
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

If you don't specify how you're accessing the data (for example, just using $variable instead of $_POST['variable']), PHP will attempt to gather that data from other request methods such as $_GET, $_SESSION, $_COOKIE, $_SERVER, etc.

Let me give you an example of how this could be used to trick a form, although in a harmless way.

Say you had a form to input the year you were born.
When you're processing this form data, you tell the script that $age should equal the year they entered... which was a select box from year 1900 to 1985.

They could put '&age=1755' into the URL string and have their birth year equal to 1755, which is not allowed in this example.

PHP used $_GET to satisfy the $age variable.

Calling $_POST['age'] will only allow the age POSTed from the form.

I learned the value of this not too long ago and have been changing a lot of my scripts.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Note: scrotaye's comment only really applies if you are using register globals, or other similar devices.
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Indeed. I assumed that was understood. Thanks for the clarification. =)
dreamline
Forum Contributor
Posts: 158
Joined: Fri May 28, 2004 2:37 am

Post by dreamline »

Yeah, I get it completely.. :)

I have register globals on, so basically any variable will do... So I better start using $_POST[] to validate form input... :)

Thanks for clearing it up for me though.....
CoderGoblin
DevNet Resident
Posts: 1425
Joined: Tue Mar 16, 2004 10:03 am
Location: Aachen, Germany

Post by CoderGoblin »

As an addition (I seem to like these).

When a user first goes onto a page using a url such as id it is normally a $_GET (for things such as ids you can generally perform a simple floor on them to provide one simple validation check).
If this value needs to be retained it is normally stored in a hidden input field on the form.
If this form is submitted as POST you can check for it using $_REQUEST which checks $_GET, $_POST, and $_COOKIE. This saves you checking for $_GET['id'] and $_POST['id'] separately.
dreamline
Forum Contributor
Posts: 158
Joined: Fri May 28, 2004 2:37 am

Post by dreamline »

Thanks, I'll keep that in mind too.. :) Boy am I learning.. hahahah.. :) Just love it... Still gotta go OOP but in time I will.. :)

Thanks for the tips.. :)
theda
Forum Contributor
Posts: 332
Joined: Sat Feb 19, 2005 8:35 am
Location: USA

Post by theda »

And you think that stuff is tough? Try OOP :) [Object oriented programming]
dreamline
Forum Contributor
Posts: 158
Joined: Fri May 28, 2004 2:37 am

Post by dreamline »

hahahah.. That's why I haven't started OOP yet.. LOL.. However I can find my way in PHP, but OOP is definitely a must to start for me... :)

However I'm not a guru yet, but in training... :)

And I come from the time that procedural languages were hot, so OOP is a whole new way of thinking.. I'm getting way too old.. hahahah
evilmonkey
Forum Regular
Posts: 823
Joined: Sun Oct 06, 2002 1:24 pm
Location: Toronto, Canada

Post by evilmonkey »

If register_globals is on, what is the priority sequence that PHP uses? For instance, what does it check first, $_GET[], $_POST[], $_COOKIE[], $_SESSION[] or $_SERVER[]? Is there a way to tell?
andre_c
Forum Contributor
Posts: 412
Joined: Sun Feb 29, 2004 6:49 pm
Location: Salt Lake City, Utah

Post by andre_c »

http://us3.php.net/manual/en/ini.core.p ... bles-order
...The default setting of this directive is "EGPCS"...
Environment, GET, POST, Cookie, Server
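
The precedence discussed in this thread, as an added example that is not part of any original post: it emulates how register_globals filled a bare `$age` using the "EGPCS" order quoted above, and contrasts that with reading and range-checking only `$_POST['age']` for the 1900 to 1985 form. The function names and the request data are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: emulates how register_globals filled bare variables,
// using the "EGPCS" order quoted above. All request data below is constructed.

/**
 * Walk the request sources in variables_order; later letters overwrite
 * earlier ones. Returns [value, source letter] for $name, or [null, null].
 */
function resolve_global(string $name, array $sources, string $order = 'EGPCS'): array
{
    $value = null;
    $from = null;
    foreach (str_split($order) as $letter) {
        if (isset($sources[$letter]) && array_key_exists($name, $sources[$letter])) {
            $value = $sources[$letter][$name];   // later source wins
            $from = $letter;
        }
    }
    return [$value, $from];
}

/** Read the birth year from POST data only and enforce the form's range. */
function birth_year_from_post(array $post, int $min = 1900, int $max = 1985): ?int
{
    if (!isset($post['age']) || !is_string($post['age'])) {
        return null;                             // missing, or an array was sent
    }
    $year = filter_var($post['age'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $year === false ? null : $year;
}

// Constructed requests: G = query string, P = form body, C = cookies.
$cases = [
    'form only'             => ['G' => [], 'P' => ['age' => '1980'], 'C' => []],
    'query string, no POST' => ['G' => ['age' => '1755'], 'P' => [], 'C' => []],
    'cookie over POST'      => ['G' => [], 'P' => ['age' => '1980'], 'C' => ['age' => '1755']],
];

foreach ($cases as $label => $src) {
    [$bare, $from] = resolve_global('age', $src);
    $strict = birth_year_from_post($src['P']);
    printf("%-22s bare \$age=%s (from %s)  \$_POST-only=%s\n",
        $label, var_export($bare, true), $from ?? '-', var_export($strict, true));
}
```

The bare variable takes whatever the last matching source supplied, while the `$_POST`-only reader returns `NULL` unless the form itself sent an in-range year.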
evilmonkey
Forum Regular
Posts: 823
Joined: Sun Oct 06, 2002 1:24 pm
Location: Toronto, Canada

Post by evilmonkey »

Interesting, never knew that.