Page 1 of 2
[solved]Wonder why people use $_POST[] ....
Posted: Wed Aug 03, 2005 12:53 am
by dreamline
Hi guyz,
I just wonder why everyone is using $_POST['variable'] to get a variable through PHP instead of $variable after posting form data?
Is this last method a wrong way of getting your submitted form data?
Just wondering...

Posted: Wed Aug 03, 2005 1:06 am
by m3mn0n
Posted: Wed Aug 03, 2005 1:17 am
by dreamline
Thanks for the enlightenment..

Guess i got sum work to do.. LOL...

Posted: Wed Aug 03, 2005 1:19 am
by m3mn0n
Anytime.
And it'll be very much so worth the effort!

Posted: Wed Aug 03, 2005 2:52 am
by s.dot
If you don't specify how you're accessing the data (for exapme just using $variable instead of $_POST['variable'], PHP will attempt to gather that data from other request methods such as $_GET, $_SESSION, $_COOKIE, $_SERVER, etc..
Let me give you an example of how this could be used to trick a form, although in a harmless way
Say you had a form to input the year you were born.
When you're processing this form data, you tell the script that $age should equal the year they entered... which was a select box from year 1900 to 1985.
They could put '&age=1755' into the URL string and have their birth year equal to 1755, which is not allowed in this example.
PHP used $_GET to satisfy the $age variable.
Calling $_POST['age'] will only allow the age POSTed from the form.
I learned the value of this not too long ago and have been changing a lot of my scripts.
Posted: Wed Aug 03, 2005 2:56 am
by feyd
note: scrotaye's comment only really applies if you are using register globals, or other similar devices.
Posted: Wed Aug 03, 2005 2:58 am
by s.dot
indeed. I assumed that was understood. Thanks for the clarification. =)
Posted: Wed Aug 03, 2005 3:26 am
by dreamline
Yea i get it completely..
I have register globals on, so basically any variable will do... So i better start using $_POST[] to validate form input...
Thanks for clearing it up for me though.....
Posted: Wed Aug 03, 2005 5:15 am
by CoderGoblin
As an addition (I seem to like these).
When a user first goes onto a page using a url such as id it is a normally a $_GET (for things such as id's you can generally perform a simple floor on them to provide one simple validation check.
If this value needs to be retained it is normally stored in a hidden input field on the form.
If this form is submitted as POST you can check for it using $_REQUEST which checks $_GET, $_POST, and $_COOKIE. This saves you checking for $_GET['id'] and $_POST['id'] separately.
Posted: Wed Aug 03, 2005 8:03 am
by dreamline
Thanks i'll keep that in mind too..

Boy am i learning. .hahahah..

Just love it... Still gotta go OOP but in time i will..
Thanks for the tips..

Posted: Wed Aug 03, 2005 8:06 am
by theda
And you think that stuff is tough? Try OOP

[Object oriented programming]
Posted: Wed Aug 03, 2005 8:23 am
by dreamline
hahahah.. Thats why i haven't started OOP yet.. LOL.. However I can find my way in PHP, but OOP is definately a must to start for me...
However i'm not a guru yet, but in training...
And i come from the time that procedural languages were hot, so OOP is a whole new way of thinking.. I'm getting way too old.. hahahah
Posted: Wed Aug 03, 2005 4:23 pm
by evilmonkey
If register_globals is on, what is the priority sequence that PHP uses? For instance, what does it check first, $_GET[], $_POST[], $_COOKIE[], $_SESSION[] or $_SERVER[]? Is there a way to tell?
Posted: Wed Aug 03, 2005 4:41 pm
by andre_c
http://us3.php.net/manual/en/ini.core.p ... bles-order
...The default setting of this directive is "EGPCS"...
Environment, GET, POST, Cookie, Server
Posted: Wed Aug 03, 2005 4:49 pm
by evilmonkey
Interesting, never knew that.