PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
Mr Tech
Forum Contributor
Posts: 424 Joined: Tue Aug 10, 2004 3:08 am
Post
by Mr Tech » Tue Dec 11, 2007 10:36 pm
I was using this code however it seems to throw a Notice error if neither are defined...
Code: Select all
$pageurl['page'] = (isset($_POST['page'])) ? $_POST['page'] : $_GET['page'];
I used the following which got rid of the error but what I wanted to ask was if this was the correct way to do it?
Code: Select all
$pageurl['page'] = (isset($_POST['page'])) ? $_POST['page'] : (isset($_GET['page'])) ? $_GET['page'] : '';
Appreciate your input
Benjamin
Site Administrator
Posts: 6935 Joined: Sun May 19, 2002 10:24 pm
Post
by Benjamin » Tue Dec 11, 2007 10:50 pm
Just use $_REQUEST if it can be either.
nathanr
Forum Contributor
Posts: 200 Joined: Wed Jun 07, 2006 5:46 pm
Post
by nathanr » Wed Dec 12, 2007 1:31 am
astions wrote: Just use $_REQUEST if it can be either.
careful where you use it though.. you don't want to open yourself up to the security risks involved that much surely?
Benjamin
Site Administrator
Posts: 6935 Joined: Sun May 19, 2002 10:24 pm
Post
by Benjamin » Wed Dec 12, 2007 2:28 am
This is an appropriate time to use $_REQUEST. Obviously it will still need to follow the appropriate validation channels.
stereofrog
Forum Contributor
Posts: 386 Joined: Mon Dec 04, 2006 6:10 am
Post
by stereofrog » Wed Dec 12, 2007 5:10 am
I'm curious how you can program a script without knowing which request method it accepts.
Anyways, you can always check REQUEST_METHOD variable and act accordingly:
Code: Select all
if($_SERVER['REQUEST_METHOD'] == 'POST')
$input = $_POST;
else
$input = $_GET;
Benjamin
Site Administrator
Posts: 6935 Joined: Sun May 19, 2002 10:24 pm
Post
by Benjamin » Wed Dec 12, 2007 6:00 am
What if your both posting and using a query string at the same time?
Benjamin
Site Administrator
Posts: 6935 Joined: Sun May 19, 2002 10:24 pm
Post
by Benjamin » Wed Dec 12, 2007 8:47 am
stereofrog wrote: You shouldn't.
Why not?
John Cartwright
Site Admin
Posts: 11470 Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:
Post
by John Cartwright » Wed Dec 12, 2007 8:54 am
stereofrog wrote: You shouldn't.
I do all the time.
patrikG
DevNet Master
Posts: 4235 Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK
Post
by patrikG » Wed Dec 12, 2007 9:41 am
using $_REQUEST as astions suggested is the easiest option. Make sure you validate the input to prevent the usual XSS, MySQL injection, etc. etc.
Zoxive
Forum Regular
Posts: 974 Joined: Fri Apr 01, 2005 4:37 pm
Location: Bay City, Michigan
Post
by Zoxive » Wed Dec 12, 2007 9:42 am
astions wrote: What if your both posting and using a query string at the same time?
That is the only way I submit forums.
(Mainly because I use the MVC concept, and all links are "Clean Urls")
JayBird
Admin
Posts: 4524 Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:
Post
by JayBird » Wed Dec 12, 2007 10:05 am
Jcart wrote: stereofrog wrote: You shouldn't.
I do all the time.
And me
stereofrog
Forum Contributor
Posts: 386 Joined: Mon Dec 04, 2006 6:10 am
Post
by stereofrog » Wed Dec 12, 2007 11:34 am
astions wrote: stereofrog wrote: You shouldn't.
Why not?
Because when you know definitely you're accepting only POST and you're working only with POST and you're ignoring GET, REQUEST, COOKE and WHATEVER ELSE, your code is much more transparent and easier to debug, than if you were accepting all of the above.
If you have an example why you think mixing request methods is useful, you're welcome to share it.
Luke
The Ninja Space Mod
Posts: 6424 Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA
Post
by Luke » Wed Dec 12, 2007 12:45 pm
I do too!
Christopher
Site Administrator
Posts: 13596 Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US
Post
by Christopher » Wed Dec 12, 2007 1:21 pm
Don't you mean:
Because when you explicitly define what you're accepting and explicitly ignore everything else, your code is much more transparent and easier to debug.
Controller parameters are a common example of GET values passed with a POST.
(#10850)