Reply to Re: trying to figure out the best/efficient way to tell whois loggedinto a site..

Your name:

Reply:


Posted by Ben on 09/15/05 00:03

Dan Baker wrote:

>>On the one hand, you can't trust anything that came from the client, but
>>on the other if you're expecting a variable to come from a cookie and
>>instead it comes from a get you know something weird is going on, but
>>using $_REQUEST you'll be oblivious. You ought to know where your
>>variable values are coming from, $_REQUEST hides this.
>
>
> Interesting, but I think I wouldn't spend the extra code to detect if I was
> expecting a POST, but got a GET. If I didn't get the value from POST, I'd
> just assume it wasn't there -- I wouldn't go looking elsewhere for it, and
> report an error.

Sorry, I didn't mean to suggest you spend the extra time checking to see
if you got a get when expecting a cookie, I meant to suggest that if you
were expecting a cookie you only look for a cookie and therefore ignore
the get (and generate whatever error is appropriate if you didn't get
the value). No point doing any extra coding. The point was that you
shouldn't accept a variable from where you weren't expecting it, which
$_REQUEST doesn't allow you to do.



>
> The *main* reason I use $_REQUEST is so I can code up GET and POST pages
> that all are handled by the same php functions. I may have an item called
> "Key" that contains what the end-user is expected to be doing ("User.Create"
> or "User.Edit" or whatever). Then I may have a link (GET) that has
> ?Key=User.Create, while a form (POST) that has a hidden value "Key" with
> value "User.Create". I don't really care if it came from a GET or POST --
> if the data is all valid, I'll allow it to work.

How are you passing your values to your functions? If you stick to
local variables in your functions they won't care where you got the
values from. Deal with the post or get values in whatever script
handles your form submissions and have it pass the values on to your
functions.

IE
In your post handling script:

$result=doSomething($_POST['this'],$_POST['that']);

In your get handling script:

$result=doSomething($_GET['this'],$_GET['that']);


- Ben

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация