|
-
Jul 24th, 2004, 01:29 AM
#1
Thread Starter
Hyperactive Member
Re: PHP Forms
Hello!
I am still using this $email = $HTTP_POST_VARS['email']; to get my forms or should i use $_POST['age']; ? Please suggest ...am i at any security risk by using that one ?
Thanks!
Tapan Bhanot,
CEO, Avis Software.
Website: www.avissoftware.com
-
Jul 24th, 2004, 01:34 AM
#2
Stuck in the 80s
I think $HTTP_POST_VARS and $_POST are probably just as secure as one another. $HTTP_POST_VARS is deprecated, however, and it is also not an autoglobal.
So a plus side is that you never have to do:
Code:
global $HTTP_POST_VARS;
Inside a function.
But security-wise, I think they're probably about the same.
-
Jul 24th, 2004, 01:38 AM
#3
Thread Starter
Hyperactive Member
Hi!
I don't understand what do you mean by the global thing ? Is it good or bad ? Also i am using cookies to store information in my login form.
Is there any way to detect weather cookies are enabled or not ?
Thanks!
Tapan Bhanot,
CEO, Avis Software.
Website: www.avissoftware.com
-
Jul 24th, 2004, 01:51 AM
#4
Stuck in the 80s
When you use $HTTP_POST_VARS, if you want to access it within a function, you'll have to do this:
Code:
function MyFunction() {
global $HTTP_POST_VARS;
echo $HTTP_POST_VARS['name'];
}
With $_POST, you can just do:
Code:
function MyFunction() {
echo $_POST['name'];
}
As for detecting whether or not cookies are enabled, that's not possible. That's a browser setting, and PHP is a server side language, so it'll have no way of knowing.
-
Jul 24th, 2004, 01:57 AM
#5
Thread Starter
Hyperactive Member
Hello!
But i have seen many website which says " That cookies are not enabled so please enable cookies to login" how they do it ?
Thanks!
Tapan Bhanot,
CEO, Avis Software.
Website: www.avissoftware.com
-
Jul 24th, 2004, 02:38 AM
#6
You just need to set a flag through the query string to indicate that you have attempted to set the cookie.
If the browser did not fulfill the request then its value will not be present in the $_COOKIE array:
PHP Code:
<?php
if (! isset ($_GET['cookieset'])) {
setcookie ("testcookie", "testvalue");
echo ('<a href="?cookieset">click here to continue</a>');
} else {
if (isset ($_COOKIE['testcookie']))
echo ($_COOKIE['testcookie']);
else
echo ('i could not give you a cookie');
}
?>
-
Jul 24th, 2004, 03:08 AM
#7
Thread Starter
Hyperactive Member
Thanks visualAd and The Hobo.
Tapan Bhanot,
CEO, Avis Software.
Website: www.avissoftware.com
-
Jul 24th, 2004, 02:39 PM
#8
Stuck in the 80s
Originally posted by visualAd
You just need to set a flag through the query string to indicate that you have attempted to set the cookie.
If the browser did not fulfill the request then its value will not be present in the $_COOKIE array:
PHP Code:
<?php
if (! isset ($_GET['cookieset'])) {
setcookie ("testcookie", "testvalue");
echo ('<a href="?cookieset">click here to continue</a>');
} else {
if (isset ($_COOKIE['testcookie']))
echo ($_COOKIE['testcookie']);
else
echo ('i could not give you a cookie');
}
?>
Good call. I didn't think of that.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
