Re: newbie - gathering variables in a general way - please...

Posted by Konrad on 02/24/06 19:46

Juliette wrote:

> Konrad wrote:
>
>> Hello
>> I'm a complete php newbie.
>>
>> I want now to write a collection of simple scripts, which will be used
>> by entire web. I keep it in "scripts.php", now - I'd like it to be
>> simple and clear, so I want it to be able to execute commands sent
>> both by FORMS ($_POST) and by URL ($_GET).
>>
>> Let's say, a command would be "mail_to_admin" (and additional
>> variable would be "message"). To enable the script to read both forms
>> and urls' variables I thought about something like this:
>>
>> ---code---
>>
>> $command=$_POST['command'];
>> //if nothing like this is passed via FORM, then maybe via URL ?:
>> if(!$command) $command=$_GET['command'];
>>
>> if($command=="send_mail_to_admin"){
>> //then do something.
>> };
>>
>> ---end of code---
>>
>> I'd like to do this with every variable. So I can send this when user
>> presses "submit" button in a form, AND I can do this by going to:
>> scripts.php?command=mail_to_admin&message=SomeMessage
>> which is simple to remember, to accomplish etc. (I'm a "Do it once" guy:)
>>
>> Problem: I've never seen something like this in any script I have -
>> although I haven't seen so many of them :)
>>
>> Is there something wrong with this approach ?
>>
>> Konrad.
>
>
> Sounds inherently insecure to me...
> Start by reading some more about PHP security - considering your script,
> you best start with security info dealing with the $_POST and $_GET arrays.
>
> Grz, J.
>

OK, thanks!
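
An added example, not part of either post: one way to structure the `scripts.php` dispatcher discussed above so that commands are looked up in an allow-list, input is read only from the array matching the request method (no fallback from `$_POST` to `$_GET`), and `message` is validated before use. The handler name, the POST-only policy for `mail_to_admin` and the 2000-byte limit are assumptions made for illustration.

```php
<?php
// Added example: hypothetical dispatcher for scripts.php. Handler names,
// the method policy and the length limit are assumptions, not from the thread.

// Allow-list: command name => [HTTP methods allowed, handler function].
const COMMANDS = [
    'mail_to_admin' => [['POST'], 'handle_mail_to_admin'],
];

function handle_mail_to_admin(array $in): string
{
    $message = $in['message'] ?? '';
    // Reject arrays (message[]=x) and empty or oversized input.
    if (!is_string($message) || $message === '' || strlen($message) > 2000) {
        return 'rejected: invalid message';
    }
    // A real handler would call mail() here with a fixed recipient and
    // fixed headers; request data goes only into the body.
    return 'accepted: ' . strlen($message) . ' bytes';
}

function dispatch(string $method, array $get, array $post): string
{
    // Read input only from the source that matches the request method.
    $in = $method === 'POST' ? $post : $get;
    $command = $in['command'] ?? null;

    if (!is_string($command) || !array_key_exists($command, COMMANDS)) {
        return 'rejected: unknown command';
    }
    [$methods, $handler] = COMMANDS[$command];
    if (!in_array($method, $methods, true)) {
        return 'rejected: method not allowed';
    }
    return $handler($in);
}

// Constructed sample requests (in scripts.php these would be
// $_SERVER['REQUEST_METHOD'], $_GET and $_POST).
$samples = [
    ['GET',  ['command' => 'mail_to_admin', 'message' => 'SomeMessage'], []],
    ['POST', [], ['command' => 'mail_to_admin', 'message' => 'SomeMessage']],
    ['POST', [], ['command' => 'delete_everything']],
    ['POST', [], ['command' => 'mail_to_admin', 'message' => ['x']]],
];
foreach ($samples as [$m, $g, $p]) {
    echo $m, ' => ', dispatch($m, $g, $p), PHP_EOL;
}
```

Only the second sample request is accepted; the GET form of the same command, the unknown command and the array-valued `message` are all rejected before any handler logic runs.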

 
