$_POST PROBLEM

siong1987
Forum Newbie
Posts: 1
Joined: Wed Aug 02, 2006 5:12 am


Post by siong1987 »

May I know if there is any pre-defined $_POST variable that can help us verify where the $_POST variables are sent from?

Thank you.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

$_SERVER['REMOTE_ADDR'] holds the IP address of the requesting client.
$_SERVER['HTTP_REFERER'] contains whatever the client is claiming to be the referring URL.
But that's probably not what you're looking for.
Please elaborate.
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

You cannot reliably ascertain the origin of any request data (POST or GET).

You can add:

Code:

<input type="hidden" name="origin" id="origin" value="add record form" />
and then do this:

Code:

if (isset($_POST['origin']) && $_POST['origin'] === 'add record form') { /* handle the add-record submission */ }
BUT, before you go running off. Remember any of this data can be tampered with. Someone could very easily spoof the value of origin to whatever they wanted. In that way POST is no better than GET, only you have to go to a bit more effort to do it, and fewer people know about it; still really simple though.
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria

Post by jmut »

ole wrote: You cannot reliably ascertain the origin of any request data (POST or GET).

You can add:

Code:

<input type="hidden" name="origin" id="origin" value="add record form" />
and then do this:

Code:

if (isset($_POST['origin']) && $_POST['origin'] === 'add record form') { /* handle the add-record submission */ }
BUT, before you go running off. Remember any of this data can be tampered with. Someone could very easily spoof the value of origin to whatever they wanted. In that way POST is no better than GET, only you have to go to a bit more effort to do it, and fewer people know about it; still really simple though.
In addition to this....

You should not really be concerned where data comes from. You just need to validate it properly and use it accordingly.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

If it is really a concern, and you happen to use database driven content, you can always store in your database what the calling page was based on the page you are on. I do this on a couple of sites, so I always know the page the user is on and the page they came from (within my site).
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

Everah wrote: If it is really a concern, and you happen to use database driven content, you can always store in your database what the calling page was based on the page you are on. I do this on a couple of sites, so I always know the page the user is on and the page they came from (within my site).
You may find it easier to use sessions.
jmut wrote: You should not really be concerned where data comes from. You just need to validate it properly and use it accordingly.
Well said.
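
The session approach suggested above, as an added example that is not part of any post in this thread: instead of a fixed hidden value, the form carries a random token that is also stored in the session, so the handler can tell whether the POST comes from a session that was actually served the form. The function names and the `add_record` form id are hypothetical, and plain arrays stand in for $_SESSION and $_POST so the script runs from the command line.

```php
<?php
// Added example, not code from the thread. Names are hypothetical.

// Call while rendering the form: store a random token server-side and
// return it so it can be embedded in a hidden field.
function issue_form_token(array &$session, string $formId): string
{
    $token = bin2hex(random_bytes(32));
    $session['form_tokens'][$formId] = $token;
    return $token;
}

// Call while handling the POST: true only when the submitted token equals
// the one stored for this session and form. The stored token is discarded
// after one check, so a captured token cannot be replayed.
function check_form_token(array &$session, string $formId, array $post): bool
{
    $expected = $session['form_tokens'][$formId] ?? null;
    unset($session['form_tokens'][$formId]);
    $given = $post['token'] ?? null;
    return is_string($expected) && is_string($given)
        && hash_equals($expected, $given); // constant-time comparison
}

// Constructed demo data: in a real page pass $_SESSION (after
// session_start()) and $_POST instead of these arrays.
$session = [];
$token = issue_form_token($session, 'add_record');
echo '<input type="hidden" name="token" value="',
    htmlspecialchars($token, ENT_QUOTES), '" />', "\n";

// Case 1: the browser that received the form submits it.
$post = ['token' => $token, 'title' => 'First record'];
var_dump(check_form_token($session, 'add_record', $post));

// Case 2: the same request is sent a second time.
var_dump(check_form_token($session, 'add_record', $post));

// Case 3: a hand-built request that only copies the static field
// from the thread and carries no token.
issue_form_token($session, 'add_record');
$forged = ['origin' => 'add record form', 'title' => 'x'];
var_dump(check_form_token($session, 'add_record', $forged));
```

A passing check only ties the request to a session that was given the form; the submitted field values are still client input and need the validation jmut describes.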
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

ole wrote:
Everah wrote: If it is really a concern, and you happen to use database driven content, you can always store in your database what the calling page was based on the page you are on. I do this on a couple of sites, so I always know the page the user is on and the page they came from (within my site).
You may find it easier to use sessions.
I do. I database my sessions with my own session code. Page trails are maintained in my sessions table.
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

Well of course you would Everah, you are a 1337 4aXX0r, but siong1987 may just use the bog standard default session handling and find that sufficient for his requirements.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Doh! Now I get who you were talking to. I think.

And what in the name of all that is good about pizza is 1337 4aXX0r?!?!?!? I feel so clueless.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

1337 4aXX0r > leet haxxor > elite hacker

but that's off topic.