Posted by jojo on 10/20/06 15:32
Nico Schuyt wrote:
[how to read out $_GET and $_POST]
> Or: extract($_POST);
This only makes $_POST variables available, but not the GET ones. You
have to add extract($_GET);.
> But isn't that a safety risk?
It is. It has the same effect which was corrected by adding the
possibility to switch register_globals off: every variable which is
posted is set, no matter if the author of the script wants it to be set
by the user or not. In some cases one can override the values of
variables in the script by simply posting variables with the same name
which is a security problem.
> I prefer $var=$_POST['var'];
The better possibility. Only the variables you want to be set by post (or
get) are set, all the other post (or get) variables are ignored.
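The override discussed in this thread, shown next to the explicit-read form, as an added example that is not part of the original posts. The variable `$is_admin`, the function names and the sample request are constructed for illustration.

```php
<?php
// Constructed request body: the form only has a "name" field, but the client
// also sends "is_admin", a variable name the script uses internally.
$_POST = ['name' => 'alice', 'is_admin' => '1'];

// extract() imports every posted key into the current scope. With the default
// flag (EXTR_OVERWRITE) a posted key replaces a variable that already exists.
function handle_with_extract(array $post): array
{
    $is_admin = false;              // value the script decided on
    extract($post);                 // posted "is_admin" replaces it here
    return ['name' => $name ?? null, 'is_admin' => $is_admin];
}

// EXTR_SKIP leaves existing variables alone, but any variable the script has
// not initialised before this call can still be created by the client.
function handle_with_extract_skip(array $post): array
{
    $is_admin = false;
    extract($post, EXTR_SKIP);
    return ['name' => $name ?? null, 'is_admin' => $is_admin];
}

// Explicit reads: only the keys named here reach the script, and each one is
// type-checked. Every other posted key is ignored.
function handle_explicit(array $post): array
{
    $is_admin = false;
    $name = (isset($post['name']) && is_string($post['name']))
        ? $post['name']
        : null;
    return ['name' => $name, 'is_admin' => $is_admin];
}

// Compare what each handler ends up with for the same request.
foreach (['handle_with_extract', 'handle_with_extract_skip', 'handle_explicit'] as $fn) {
    echo $fn, ': ';
    var_dump($fn($_POST));
}
```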