Wicked cool PHP: Fetching form variables

RELATED TOPICS

You should pull form data from predefined server variables. All data passed on to your web page via a posted form is automatically stored in a large array called

$_POST
, and all GET data is stored in a large array called
$_GET
. File upload information is stored in a special array called
$_FILES
. In addition, there is a combined variable called
$_REQUEST
.

To access the username field from a

POST
method form, use
$_POST['username']
. Use
$_GET['username']
if the username is in the URL. If you don't care where the value came from, use
$_REQUEST['username']
.

________________________________________________________

<?php
$post_value = $_POST['post_value'];
$get_value = $_GET['get_value'];
$some_variable = $_REQUEST['some_value'];
?>

________________________________________________________

$_REQUEST
is a union of the
$_GET
,
$_POST
, and
$_COOKIE
arrays. If you have two or more values of the same parameter name, be careful of which one PHP uses. The default order is cookie, POST, then GET.

There has been some debate on how safe

$_REQUEST
is, but there shouldn't be. Because all of its sources come from the outside world (the user's browser), you need to verify everything in this array that you plan to use, just as you would with the other predefined arrays. The only problems you might have are confusing bugs that might pop up as a result of cookies being included.

_________________

wicked-cool-php_cov-90.jpg
Today's Tip was adapted from "Wicked Cool PHP" by William Steinmetz with Brian Ward, Published by No Starch Press.
RELATED TOPICS
Morale boosters: 5 proven ways to motivate your IT team
View Comments
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies