|
|
Posted by klakons on 08/05/05 14:14
is $_REQUEST array not safe? if someone will put variables in url?
imho it is better to use _POST
m
> try using @$_REQUEST["variableNameGoesHere"] in that case...which will
> suppress the warnings and not just limit the form to post actions only.
>
> "Tony" <nobody@nowhere.not> wrote in message
> news:11f4pa9ll2fb504@corp.supernews.com...
> | "web_design" <web_design@doijwakfjasilfasfsaf.com> wrote in message
> | news:11f4ciqv6560fb@corp.supernews.com...
> | >I have a contact form on my site. I want to validate the form
> information
> | >in PHP and if it is incorrect to send the same page (form) back with a
> | >message on the top saying that the form was filled out incorrectly? I
> can
> | >think of a long-winded way to do it, but there must be an easier way...
> |
> | Depends on what you want to do, exactly, but try something like this
> | psuedo-code (I use it all the time):
> |
> | <?
> | if (isset($_POST["submit"])) {
> | // check for errors
> | if (errors()) { $errorflag = true; }
> | else { $errorflag = false; }
> | }
> |
> | if ( (isset($_POST["submit"])) && (!$errorflag) ) {
> | // thank you for your submission
> | } else {
> | // output the form here - note the use of the values:
> | print "<input type='text' name='FirstName' value='" .
> | $_POST["FirstName"]
> | . "'>\n";
> | // continue in this manner for all form fields
> | }
> | ?>
> |
> | One caveat on this - if you have your warning level set to warn of
> undefined
> | variables, you will get errors on the first loading of the page, since
> | the $_POST variables won't be set yet.
> |
> |
Navigation:
[Reply to this message]
|