|
|
Posted by shimmyshack on 09/10/07 09:43
On Sep 10, 4:05 am, "Peter" <Will_Bounce_So_Use_My_First_N...@Smart-
Projects.net> wrote:
> register_globals = off and I want to either POST or GET a variable to a
> script.
> How would you assign $myvar ?
>
> If I do this:
>
> $_GET['my_var'];
>
> or
>
> if ($_GET['my_var'])
> {
> //
> }
>
> is my_var assigned then ?
>
> Or do I have to do this:
> $my_var = $_GET['my_var'] ;
> to assign the value
>
> And what if my_var can be either POSTed or be in the URL (GET) ?
>
> Should I do something like this then?
>
> if (!$_GET['my_var'])
> {
> $my_var = $_POST['my_var'] ;
> }
> else
> {
> $my_var = $_GET['my_var'] ;
> }
The POST superglobal is only populated with elements from the form
actually sent.
so if you form has three inputs
input1
input2
and
input3
and has a method of post
you will see
$_POST['input1'] = value user typed
$_POST['input2'] = value user typed
$_POST['input3'] = value user typed
only if the user actually typed into the fields and hit submit, so you
must use code like so
//if form submitted
$sInput1 = '';
$sInput2 = '';
$sInput3 = '';
if( $_POST ) //some use if( $_POST['submit']==submit )
{
if( isset($_POST['input1']) || $_POST['input1']!='' )
{
//someone must have typed something so set your var, filtering if
need be (so if input1 is an english christian name)
$sInput1 = eregi_replace( '[^a-zA-Z0-9'\-]', '', $_POST['input1'] );
}
//etc...
}
you could loop for each field filtering and setting vars, and you
could use sessions to preserve the values typed in to echo back to the
screen - provided you HAVE filtered them (to avoid reflection XSS
attacks)
Navigation:
[Reply to this message]
|