|
|
Posted by Michael Fesser on 09/16/07 14:49
..oO(pepper.gabriela@gmail.com)
>> Even if the form was submitted and $_POST is not empty, you should check
>> every value if it exists before you use it.
>
>why?
You can't be sure that you'll get all the values from the form you
expect. Every data coming in from the client (POST, GET, cookies) can be
incomplete or manipulated.
>I'm using them this way: if I receive the values I put them in the
>value field of the form, if I don't receive data, the field appears
>empty.
You just have to make sure that missing values don't lead to notices or
unexpected behaviour in your code.
>> You could also have a look at the extract() function, if you want to
>> convert the array into single variables. I don't consider that really
>> necessary, but anyway.
>
>I considered not using it because the PHP manual says it is not a good
>idea for $_GET, $_POST, etc.
Currently you're doing nearly the same.
Micha
Navigation:
[Reply to this message]
|