Re: PHP Forms

Printable View

Jul 24th, 2004, 01:29 AM
AvisSoft

Re: PHP Forms

Hello!

I am still using this $email = $HTTP_POST_VARS['email']; to get my forms or should i use $_POST['age']; ? Please suggest ...am i at any security risk by using that one ?

Thanks!
Jul 24th, 2004, 01:34 AM
The Hobo

I think $HTTP_POST_VARS and $_POST are probably just as secure as one another. $HTTP_POST_VARS is deprecated, however, and it is also not an autoglobal.

So a plus side is that you never have to do:

Code:

global $HTTP_POST_VARS;

Inside a function.

But security-wise, I think they're probably about the same.
Jul 24th, 2004, 01:38 AM
AvisSoft

Hi!

I don't understand what do you mean by the global thing ? Is it good or bad ? Also i am using cookies to store information in my login form.

Is there any way to detect weather cookies are enabled or not ?

Thanks!
Jul 24th, 2004, 01:51 AM
The Hobo

When you use $HTTP_POST_VARS, if you want to access it within a function, you'll have to do this:

Code:

function MyFunction() { global $HTTP_POST_VARS; echo $HTTP_POST_VARS['name']; }

With $_POST, you can just do:

Code:

function MyFunction() { echo $_POST['name']; }

As for detecting whether or not cookies are enabled, that's not possible. That's a browser setting, and PHP is a server side language, so it'll have no way of knowing.
Jul 24th, 2004, 01:57 AM
AvisSoft

Hello!

But i have seen many website which says " That cookies are not enabled so please enable cookies to login" how they do it ?

Thanks!
Jul 24th, 2004, 02:38 AM
visualAd

You just need to set a flag through the query string to indicate that you have attempted to set the cookie.

If the browser did not fulfill the request then its value will not be present in the $_COOKIE array:

PHP Code:

<?php if (! isset ($_GET['cookieset'])) { setcookie ("testcookie", "testvalue"); echo ('<a href="?cookieset">click here to continue</a>'); } else { if (isset ($_COOKIE['testcookie'])) echo ($_COOKIE['testcookie']); else echo ('i could not give you a cookie'); } ?>
Jul 24th, 2004, 03:08 AM
AvisSoft

Thanks visualAd and The Hobo.
Jul 24th, 2004, 02:39 PM
The Hobo

Quote:

Originally posted by visualAd
You just need to set a flag through the query string to indicate that you have attempted to set the cookie.

If the browser did not fulfill the request then its value will not be present in the $_COOKIE array:

PHP Code:

<?php if (! isset ($_GET['cookieset'])) { setcookie ("testcookie", "testvalue"); echo ('<a href="?cookieset">click here to continue</a>'); } else { if (isset ($_COOKIE['testcookie'])) echo ($_COOKIE['testcookie']); else echo ('i could not give you a cookie'); } ?>

Good call. I didn't think of that.