Let's make some assumptions - 1) having register_globals on is bad 2) we all like to write scripts as secure as possible
Given #1 and #2, if you stop referencing variables directly (e.g. as $firstName in the script below) since register_globals is off, it immediately adds a degree of security to your script if you're aware of the difference between GET and POST requests. GET requests are quite easy to fake (just add the variables and values to the URL) and unless you have checks against it, a malicious user could take advantage of this. POST requests are a bit more tricky to fake, but not "difficult" in the grand scheme of things. Either way, in the examples that Piet wrote, there's no "extra coding". Writing the variable names is a bit more key strokes, but given the advantages of having even a slightly more secure script, it's a good thing and worth a bit more typing. -M -----Original Message----- From: Piet [mailto:[EMAIL PROTECTED] Sent: Friday, December 26, 2003 6:41 AM To: [EMAIL PROTECTED] Subject: [PHP] Re: Where and how do i use $_post etc Why would i do this long coding in the second page "script.php" the variables values is already available in "script.php" when i do a post or get, if i use $_POST or $_GET to define a variable already available, that seems like a lot of extra coding for no reason. "Al" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > "Piet" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Hi > > > > I am trying to find examples of how and where to use $_POST, $_GET etc. I > > searched a lot of places, but cant seem to find decent examples or a > > tutorial or something. > > $_POST and $_GET are associative arrays containing the form data sent > by a user to a page. Whether your user's submitted form data is in > $_POST or $_GET depends on what method attribute you've specified in > the <form> tag in > your HTML code. Take a look at the following HTML example: > > <form method="get" action="script.php"> > <input type="text" name="firstName"> > <input type="text" name="lastName"> > <input type="submit"> > </form> > > Now in the file script.php you can access the submitted form values in > the $_GET array, using the form field names as array keys. e.g: > > <?php > $firstName = $_GET['firstName']; > $lastName = $_GET['lastName']; > echo 'The user submitted the name'.$firstName.' '.$lastName; ?> > > If you had set the <form method="post"> in your HTML, then you could > have accessed the form values from the $_POST array within PHP. > > Hope that helps, > > Al -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
