Page 1 of 1
Whats the best way to pass variables
Posted: Wed May 11, 2005 10:20 am
by soianyc
Im really getting into php now and i realize that my goal is to make my sight as efficient as possible. Thanks to this sight i have learned about pagination, image resizing, passin varibles and much more. My question to all out there is what would be the best way to pass variables.
Im basically making an online catalog which displays garments. There are many sub catageroies in this such as Coats, Jackets and types of materials, also accesories etc.... I didnt make the site to have users with passwords, but i probably will incorporate one when i get more experienced.
Ive recently encountered a problem with pagination. Im having trouble passing the variables to the next page of the script. I read around and saw two solutions to the problem. Post the variables to the pagination script, which i did and which works, or to use sessions. Now as far as i have read sessions are the way to go for something like this. I also dont want to use cookies. What would you do in my situation, keep it the way it is or go for the sessions?
Posted: Wed May 11, 2005 10:26 am
by neophyte
You could also use query strings which is a very popular way of doing this. So your links on pages would look like:
somesite.com/index.php?page=2
Then on each page you can access the var like this:
With that information you can then generate pagination.
Posted: Wed May 11, 2005 10:29 am
by soianyc
I know, thats what im doing right now. I guess im wondering about sessions and if that may be a better way of passing variables.
Posted: Wed May 11, 2005 11:02 am
by neophyte
You could use sessions but then you would have to worry about unsetting the variable too. I think this is probably why query strings are generally used for this purpose.
Posted: Wed May 11, 2005 12:49 pm
by Chris Corbyn
Query strings are far better anyway for this sort of thing... you can't link to a specific page too easily if it relies on sessions (Unless you hijack the session id). Any large application which passes variables for such cosmetci things I use GET, only sensitive data gets posted.
You'll have to sanitize things a bit which is one disadvantage of GET. Say someone wants to bookmark a particular page... sessions wont cut it

Posted: Wed May 11, 2005 12:52 pm
by soianyc
I see. So i pass my variables with query strings and GET's so i should be alright then. Can i incorporate sessions and query strings? If so will it be a hassle or pretty straight forward??
Thanx for all your replies so far.
Posted: Wed May 11, 2005 12:57 pm
by Chris Corbyn
soianyc wrote:Can i incorporate sessions and query strings? If so will it be a hassle or pretty straight forward??
Not sure how you mean. You mean can you use both at the same time?
You can use any combination of methods in your scripts. Maybe a point to note is that (although you should usually know where to expect it to be from) $_REQUEST[] looks through all the possible locations for your variables i.e. GET, POST, SESSION, COOKIES
Posted: Wed May 11, 2005 1:05 pm
by soianyc
Cool, thanx for all your replies. I think you basically answered my questions.
Re: Whats the best way to pass variables
Posted: Thu May 12, 2005 6:48 am
by JayBird
soianyc wrote:... i realize that my goal is to make my sight as efficient as possible.
How about laser eye surgery or glasses!?

Posted: Thu May 12, 2005 11:19 am
by AGISB
The Get approach has it pros but it also has cons. A URL with a long query string can become a security nightmare.
Posted: Thu May 12, 2005 12:20 pm
by John Cartwright
Not neccesarily. I have created my own class that can sanitize any input.
With $_GET I generally have a list of pre-defined variables, and if the current input does not match any of those possibilities I consider it the users error, and terminate the script.
Simple as sanitizing your input, especially with sql queries.
For example, look at hotmail and ebay. The url sometimes is extremely long. So $_GET evidently is an effective way of passing information. But keep in mind, never ever ever EVER trust anything that the user can define.