Choosing between $_POST & $_GET and not returning Notice

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
Mr Tech
Forum Contributor
Posts: 424
Joined: Tue Aug 10, 2004 3:08 am

Choosing between $_POST & $_GET and not returning Notice

Post by Mr Tech »

I was using this code however it seems to throw a Notice error if neither are defined...

Code: Select all

$pageurl['page'] = (isset($_POST['page'])) ? $_POST['page'] : $_GET['page'];
I used the following which got rid of the error but what I wanted to ask was if this was the correct way to do it?

Code: Select all

$pageurl['page'] = (isset($_POST['page'])) ? $_POST['page'] : (isset($_GET['page'])) ? $_GET['page'] : '';
Appreciate your input
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Just use $_REQUEST if it can be either.
User avatar
nathanr
Forum Contributor
Posts: 200
Joined: Wed Jun 07, 2006 5:46 pm

Post by nathanr »

astions wrote:Just use $_REQUEST if it can be either.
careful where you use it though.. you don't want to open yourself up to the security risks involved that much surely?
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

This is an appropriate time to use $_REQUEST. Obviously it will still need to follow the appropriate validation channels.
User avatar
stereofrog
Forum Contributor
Posts: 386
Joined: Mon Dec 04, 2006 6:10 am

Post by stereofrog »

I'm curious how you can program a script without knowing which request method it accepts.
Anyways, you can always check REQUEST_METHOD variable and act accordingly:

Code: Select all

if($_SERVER['REQUEST_METHOD'] == 'POST')
   $input = $_POST;
else
   $input = $_GET;
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

What if your both posting and using a query string at the same time?
User avatar
stereofrog
Forum Contributor
Posts: 386
Joined: Mon Dec 04, 2006 6:10 am

Post by stereofrog »

You shouldn't. ;)
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

stereofrog wrote:You shouldn't. ;)
Why not?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

stereofrog wrote:You shouldn't. ;)
I do all the time.
User avatar
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

using $_REQUEST as astions suggested is the easiest option. Make sure you validate the input to prevent the usual XSS, MySQL injection, etc. etc.
User avatar
Zoxive
Forum Regular
Posts: 974
Joined: Fri Apr 01, 2005 4:37 pm
Location: Bay City, Michigan

Post by Zoxive »

astions wrote:What if your both posting and using a query string at the same time?
That is the only way I submit forums.

(Mainly because I use the MVC concept, and all links are "Clean Urls")
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

Jcart wrote:
stereofrog wrote:You shouldn't. ;)
I do all the time.
And me
User avatar
stereofrog
Forum Contributor
Posts: 386
Joined: Mon Dec 04, 2006 6:10 am

Post by stereofrog »

astions wrote:
stereofrog wrote:You shouldn't. ;)
Why not?
Because when you know definitely you're accepting only POST and you're working only with POST and you're ignoring GET, REQUEST, COOKE and WHATEVER ELSE, your code is much more transparent and easier to debug, than if you were accepting all of the above.

If you have an example why you think mixing request methods is useful, you're welcome to share it.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

I do too! :)
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

Don't you mean:

Because when you explicitly define what you're accepting and explicitly ignore everything else, your code is much more transparent and easier to debug.

Controller parameters are a common example of GET values passed with a POST.
(#10850)
Post Reply