PDA

Click to See Complete Forum and Search --> : Re: PHP Forms

AvisSoft
Jul 24th, 2004, 01:29 AM
Hello!

I am still using this $email = $HTTP_POST_VARS['email']; to get my forms or should i use $_POST['age']; ? Please suggest ...am i at any security risk by using that one ?

Thanks!
The Hobo
Jul 24th, 2004, 01:34 AM
I think $HTTP_POST_VARS and $_POST are probably just as secure as one another. $HTTP_POST_VARS is deprecated, however, and it is also not an autoglobal.

So a plus side is that you never have to do:

global $HTTP_POST_VARS;

Inside a function.

But security-wise, I think they're probably about the same.
AvisSoft
Jul 24th, 2004, 01:38 AM
Hi!

I don't understand what do you mean by the global thing ? Is it good or bad ? Also i am using cookies to store information in my login form.

Is there any way to detect weather cookies are enabled or not ?

Thanks!
The Hobo
Jul 24th, 2004, 01:51 AM
When you use $HTTP_POST_VARS, if you want to access it within a function, you'll have to do this:

function MyFunction() {
global $HTTP_POST_VARS;

echo $HTTP_POST_VARS['name'];
}

With $_POST, you can just do:

function MyFunction() {
echo $_POST['name'];
}

As for detecting whether or not cookies are enabled, that's not possible. That's a browser setting, and PHP is a server side language, so it'll have no way of knowing.
AvisSoft
Jul 24th, 2004, 01:57 AM
Hello!

But i have seen many website which says " That cookies are not enabled so please enable cookies to login" how they do it ?

Thanks!
visualAd
Jul 24th, 2004, 02:38 AM
You just need to set a flag through the query string to indicate that you have attempted to set the cookie.

If the browser did not fulfill the request then its value will not be present in the $_COOKIE array:

<?php
if (! isset ($_GET['cookieset'])) {
setcookie ("testcookie", "testvalue");
echo ('<a href="?cookieset">click here to continue</a>');
} else {
if (isset ($_COOKIE['testcookie']))
echo ($_COOKIE['testcookie']);
else
echo ('i could not give you a cookie');
}
?>
AvisSoft
Jul 24th, 2004, 03:08 AM
Thanks visualAd and The Hobo.
The Hobo
Jul 24th, 2004, 02:39 PM
Originally posted by visualAd
You just need to set a flag through the query string to indicate that you have attempted to set the cookie.

If the browser did not fulfill the request then its value will not be present in the $_COOKIE array:

<?php
if (! isset ($_GET['cookieset'])) {
setcookie ("testcookie", "testvalue");
echo ('<a href="?cookieset">click here to continue</a>');
} else {
if (isset ($_COOKIE['testcookie']))
echo ($_COOKIE['testcookie']);
else
echo ('i could not give you a cookie');
}
?>


Good call. I didn't think of that.