|
|
Posted by nescio on 05/14/06 16:25
>
> You don't control posting to a script, it could contain everything.
> Name your desired variables, loop through the $_POST/$_GET array, and
check
> how many "known" variables is contains. It's tempting to think of
shortcuts,
> but this isn't the place to cut corners.
so, is it better to use $_POST instead of $_REQUEST?
or do these problems also occur with $_POST?
it is a bit difficult to explain why this is important to me, but i will
try.
i am builing an application that uses the column names from a database.
people can choose some of these columns, then a form is build that uses the
column names as the names in the form.
after sending the form, these names are used to build the query.
this is possible because the names in the form are the same as the column
names in de database.
so i have to know which elements of the request can to be part of the query
and which can't (like 'submit' and 'phpsessid')
i can't give them the names you suggested because the have to correspond
with the column names in the database.
thanks,
Navigation:
[Reply to this message]
|