[UPHPU] receiving with $_REQUEST

phpninja phpninja at gmail.com
Thu Feb 28 13:55:39 MST 2008


*I have had sever instances where I have needed to submit to a script
from both a form and a link.*

the easiest way to submit a form with a link is using a little javascript,
document.formname.submit();

<script type="text/javascript">
function submitform() {
//possible checks here
document.myform.submit();
return false;
}
</script>

<form name="myform">
<a OnClick="submitform();">submit form</a>
</form>

you can use getelementbyid also to submit forms in replace of formname. This
will submit the form via POST.

As far as request goes, this guy has a take on it that might be useful:
http://doughboy.wordpress.com/2008/01/17/responsible-use-of-the-_request-variable/

regards
phpninja


On 2/28/08, William Attwood <wattwood at gmail.com> wrote:
>
> Most of the items have been touched on when it comes to $_GET, $_POST and
> $_REQUEST.  I honestly believe it is good practice to identify the
> variables
> you will be using and the method in which you receive them.  This way you
> have complete control of how your application functions, leaving less room
> for error.
>
> Another item is of course variable overlapping where you may have a POST
> and
> a GET with the same variable name, thereby over-writing one with the
> other..
>
> Try to keep with good practice and remove the possibility of buggy code by
> specifying your post type.  Getting into good practice will help down the
> road.
>
> -Will
> >
> >
> >
> > On Thu, Feb 28, 2008 at 1:28 PM, Alvaro Carrasco <alvaro at epliant.com>
> > wrote:
> >
> > > Wade Preston Shearer wrote:
> > > > It's obviously wise to only post a form using GET when you
> absolutely
> > > > need to or there are no security concerns involved, but what about
> on
> > > > the receiving end? Are there any reasons to not always receive with
> > > > $_REQUEST? I have heard people say that you should only use
> $_REQUEST
> > > > when you absolutely need to receive from both GET and POST, but if a
> > > > hacker can simulate a POST just as easy as GET then how is it
> > > insecure?
> > > >
> > > >
> > > > wade
> > > > net
> > > Keep in mind that $_REQUEST will also include cookies, which might
> lead
> > > to unexpected results if you don't watch for it. You have to be
> > > especially careful if you are hosting multiple subdomains and some of
> > > them are using-domain wide cookies.
> > >
> > > Alvaro
> > >
> > > _______________________________________________
> > >
> > > UPHPU mailing list
> > > UPHPU at uphpu.org
> > > http://uphpu.org/mailman/listinfo/uphpu
> > > IRC: #uphpu on irc.freenode.net
> > >
> >
> >
>
> _______________________________________________
>
> UPHPU mailing list
> UPHPU at uphpu.org
> http://uphpu.org/mailman/listinfo/uphpu
> IRC: #uphpu on irc.freenode.net
>


More information about the UPHPU mailing list