If you don't specify how you're accessing the data (for example just using $variable instead of $_POST['variable']), PHP will attempt to gather that data from other request methods such as $_GET, $_SESSION, $_COOKIE, $_SERVER, etc.
Let me give you an example of how this could be used to trick a form, although in a harmless way.
Say you had a form to input the year you were born.
When you're processing this form data, you tell the script that $age should equal the year they entered... which was a select box from year 1900 to 1985.
They could put '&age=1755' into the URL string and have their birth year equal to 1755, which is not allowed in this example.
PHP used $_GET to satisfy the $age variable.
Calling $_POST['age'] will only allow the age POSTed from the form.
I learned the value of this not too long ago and have been changing a lot of my scripts.
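An added example, not part of the original posts: the birth-year form described above, read only from the POST body and re-validated on the server, since the select box does not limit what a client can send. The function name `birth_year_from_post` and the sample requests are hypothetical; the field name `age` and the 1900 to 1985 range come from the post.

```php
<?php
declare(strict_types=1);

// Hypothetical helper for the birth-year form discussed above.
// It looks only at the POST data and re-checks the allowed range,
// because a select box does not constrain what a client submits.
function birth_year_from_post(array $post): ?int
{
    if (!isset($post['age']) || !is_string($post['age'])) {
        return null; // missing, or an array such as age[]=...
    }
    $year = filter_var($post['age'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1900, 'max_range' => 1985],
    ]);
    return $year === false ? null : $year;
}

// Constructed sample requests (not real traffic).
$cases = [
    'normal submit'             => ['get' => [],                'post' => ['age' => '1980']],
    'age only in query string'  => ['get' => ['age' => '1755'], 'post' => []],
    'out-of-range value POSTed' => ['get' => [],                'post' => ['age' => '1755']],
    'non-numeric value POSTed'  => ['get' => [],                'post' => ['age' => '1980abc']],
];

foreach ($cases as $label => $req) {
    // Only the POST array is consulted; $req['get'] is ignored on purpose.
    $year = birth_year_from_post($req['post']);
    printf("%-28s => %s\n", $label, $year === null ? 'rejected' : (string) $year);
}

// In a real handler the call would be: birth_year_from_post($_POST);
```

Reading from `$_POST` stops the query-string override, and the range check covers the case where the out-of-range value is POSTed directly.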
When a user first goes onto a page using a URL such as id it is normally a $_GET (for things such as ids you can generally perform a simple floor on them to provide one simple validation check).
If this value needs to be retained it is normally stored in a hidden input field on the form.
If this form is submitted as POST you can check for it using $_REQUEST which checks $_GET, $_POST, and $_COOKIE. This saves you checking for $_GET['id'] and $_POST['id'] separately.
If register_globals is on, what is the priority sequence that PHP uses? For instance, what does it check first, $_GET[], $_POST[], $_COOKIE[], $_SESSION[] or $_SERVER[]? Is there a way to tell?