Page 1 of 2
Choosing between $_POST & $_GET and not returning Notice
Posted: Tue Dec 11, 2007 10:36 pm
by Mr Tech
I was using this code however it seems to throw a Notice error if neither are defined...
Code: Select all
$pageurl['page'] = (isset($_POST['page'])) ? $_POST['page'] : $_GET['page'];
I used the following which got rid of the error but what I wanted to ask was if this was the correct way to do it?
Code: Select all
$pageurl['page'] = (isset($_POST['page'])) ? $_POST['page'] : (isset($_GET['page'])) ? $_GET['page'] : '';
Appreciate your input
Posted: Tue Dec 11, 2007 10:50 pm
by Benjamin
Just use $_REQUEST if it can be either.
Posted: Wed Dec 12, 2007 1:31 am
by nathanr
astions wrote:Just use $_REQUEST if it can be either.
careful where you use it though.. you don't want to open yourself up to the security risks involved that much surely?
Posted: Wed Dec 12, 2007 2:28 am
by Benjamin
This is an appropriate time to use $_REQUEST. Obviously it will still need to follow the appropriate validation channels.
Posted: Wed Dec 12, 2007 5:10 am
by stereofrog
I'm curious how you can program a script without knowing which request method it accepts.
Anyways, you can always check REQUEST_METHOD variable and act accordingly:
Code: Select all
if($_SERVER['REQUEST_METHOD'] == 'POST')
$input = $_POST;
else
$input = $_GET;
Posted: Wed Dec 12, 2007 6:00 am
by Benjamin
What if your both posting and using a query string at the same time?
Posted: Wed Dec 12, 2007 8:13 am
by stereofrog
You shouldn't.

Posted: Wed Dec 12, 2007 8:47 am
by Benjamin
stereofrog wrote:You shouldn't.

Why not?
Posted: Wed Dec 12, 2007 8:54 am
by John Cartwright
stereofrog wrote:You shouldn't.

I do all the time.
Posted: Wed Dec 12, 2007 9:41 am
by patrikG
using $_REQUEST as astions suggested is the easiest option. Make sure you validate the input to prevent the usual XSS, MySQL injection, etc. etc.
Posted: Wed Dec 12, 2007 9:42 am
by Zoxive
astions wrote:What if your both posting and using a query string at the same time?
That is the only way I submit forums.
(Mainly because I use the MVC concept, and all links are "Clean Urls")
Posted: Wed Dec 12, 2007 10:05 am
by JayBird
Jcart wrote:stereofrog wrote:You shouldn't.

I do all the time.
And me
Posted: Wed Dec 12, 2007 11:34 am
by stereofrog
astions wrote:stereofrog wrote:You shouldn't.

Why not?
Because when you know definitely you're accepting only POST and you're working only with POST and you're ignoring GET, REQUEST, COOKE and WHATEVER ELSE, your code is much more transparent and easier to debug, than if you were accepting all of the above.
If you have an example why you think mixing request methods is useful, you're welcome to share it.
Posted: Wed Dec 12, 2007 12:45 pm
by Luke
I do too!

Posted: Wed Dec 12, 2007 1:21 pm
by Christopher
Don't you mean:
Because when you explicitly define what you're accepting and explicitly ignore everything else, your code is much more transparent and easier to debug.
Controller parameters are a common example of GET values passed with a POST.