You should pull form data from predefined server variables. All data passed on to your web page via a posted form is automatically stored in a large array called
$_POST, and all GET data is stored in a large array called
$_GET. File upload information is stored in a special array called
$_FILES. In addition, there is a combined variable called
To access the username field from a
POSTmethod form, use
$_GET['username']if the username is in the URL. If you don't care where the value came from, use
<?php $post_value = $_POST['post_value']; $get_value = $_GET['get_value']; $some_variable = $_REQUEST['some_value']; ?>
$_REQUESTis a union of the
$_COOKIEarrays. If you have two or more values of the same parameter name, be careful of which one PHP uses. The default order is cookie, POST, then GET.
There has been some debate on how safe
$_REQUESTis, but there shouldn't be. Because all of its sources come from the outside world (the user's browser), you need to verify everything in this array that you plan to use, just as you would with the other predefined arrays. The only problems you might have are confusing bugs that might pop up as a result of cookies being included.
|Today's Tip was adapted from "Wicked Cool PHP" by William Steinmetz with Brian Ward, Published by No Starch Press.|