|
Posted by Jerry Stuckle on 09/28/05 19:33
brian_mckracken@yahoo.com wrote:
> Hi and thanks for the tip. However, I'm having a bit of a puzzle trying
> to figure out how one can post these variable via the url like:
>
> http://www.acme.com/page.php?user=joe&passwd=secret1234
>
> Any ideas?
>
>
> Jerry Stuckle wrote:
>
>>For a post operation, the incoming data will be in the $_POST variable.
>>
>>In your case you are using the id's "login[email]" and "login[passwd]',
>>so your values will be in the array as $_POST['login']['email'] and
>>$_POST['login]['passwd]
>>
>>--
>>==================
>>Remove the "x" from my email address
>>Jerry Stuckle
>>JDS Computer Training Corp.
>>jstucklex@attglobal.net
>>==================
>
>
Brian,
This example is a GET operation (VERY insecure - especially where userid
and passwords are concerned); For that you would use the $_GET array.
The basic differences are:
When a form's method is GET, the values in the form are sent in the URL
(as above) and you use $_GET to access them (in your case, $_GET['user']
would contain 'joe', and $_GET['passwd'] would contain 'secret1234');
Conversely, when a form's method is POST, the values are passed by the
browser but not in the URL. There you would use $_POST, i.e.
$_POST['user'] and $_POST['passwd'].
GET operations are nice for some things because the user can bookmark
the request and return to the same page with the same parameters.
However, the user can also change those parameters before submitting the
page, so it's less secure.
POST, OTOH, doesn't allow the user to bookmark the page *with the posted
parameters*. He/she can only bookmark the URL itself, and any POST
parameters are not available when he/she later tries to use the
bookmark. It is, however, more secure because the user can't as easily
change the parameters before submitting the page.
Another problem with POST is that you can't easily pass these parameters
on if you should need to redirect the user to a new page. But I
recommend you don't worry about that right now; just keep it in mind and
ask more questions later when you need to redirect the user with parameters.
Also, if you have a lot of data on your form, the GET url can become
quite unwieldy. POST urls, OTOH, only contain the URL of the page, so
are shorter.
Personally, I prefer to use POST when possible.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
[Back to original message]
|