|
Posted by boclair on 09/28/05 20:27
Jerry Stuckle wrote:
> brian_mckracken@yahoo.com wrote:
>
>> Hi and thanks for the tip. However, I'm having a bit of a puzzle trying
>> to figure out how one can post these variable via the url like:
>>
>> http://www.acme.com/page.php?user=joe&passwd=secret1234
>>
>> Any ideas?
>>
>>
>> Jerry Stuckle wrote:
>>
>>> For a post operation, the incoming data will be in the $_POST variable.
>>>
>>> In your case you are using the id's "login[email]" and "login[passwd]',
>>> so your values will be in the array as $_POST['login']['email'] and
>>> $_POST['login]['passwd]
>>>
>>> --
>>> ==================
>>> Remove the "x" from my email address
>>> Jerry Stuckle
>>> JDS Computer Training Corp.
>>> jstucklex@attglobal.net
>>> ==================
>>
>>
>>
>
> Brian,
>
> This example is a GET operation (VERY insecure - especially where userid
> and passwords are concerned); For that you would use the $_GET array.
>
> The basic differences are:
>
> When a form's method is GET, the values in the form are sent in the URL
> (as above) and you use $_GET to access them (in your case, $_GET['user']
> would contain 'joe', and $_GET['passwd'] would contain 'secret1234');
>
> Conversely, when a form's method is POST, the values are passed by the
> browser but not in the URL. There you would use $_POST, i.e.
> $_POST['user'] and $_POST['passwd'].
>
> GET operations are nice for some things because the user can bookmark
> the request and return to the same page with the same parameters.
> However, the user can also change those parameters before submitting the
> page, so it's less secure.
>
> POST, OTOH, doesn't allow the user to bookmark the page *with the posted
> parameters*. He/she can only bookmark the URL itself, and any POST
> parameters are not available when he/she later tries to use the
> bookmark. It is, however, more secure because the user can't as easily
> change the parameters before submitting the page.
>
> Another problem with POST is that you can't easily pass these parameters
> on if you should need to redirect the user to a new page. But I
> recommend you don't worry about that right now; just keep it in mind and
> ask more questions later when you need to redirect the user with
> parameters.
What a good explanation!
I see the the OP is apparently dealing with a login. This immediately
raises the question of validation of the posted values and of course the
need to indeed pass variables created by the post method. The answer
lies of course in the use of cookies, or much preferably, sessions.
Louise
Navigation:
[Reply to this message]
|