Today's Posts Follow Us On Twitter! TFL Members on Twitter  
Forum search: Advanced Search  
Navigation
Marketplace
  Members Login:
Lost password?
  Forum Statistics:
Forum Members: 24,254
Total Threads: 80,792
Total Posts: 566,471
There are 1065 users currently browsing (tf).
 
  Our Partners:
 
  TalkFreelance     Design and Development     Programming     PHP and MySQL :

Ace Learning PHP Topic !

Thread title: Ace Learning PHP Topic !
Closed Thread  
Page 2 of 2 < 1 2
    Thread tools Search this thread Display Modes  
07-21-2005, 09:40 AM
#11
odyniec is offline odyniec
odyniec's Avatar
Status: I'm new around here
Join date: Jul 2005
Location: Warsaw, Poland
Expertise:
Software:
 
Posts: 3
iTrader: 0 / 0%
 

odyniec is on a distinguished road

  Old

Originally Posted by Koobi
i would replace this:
PHP Code:
if(isset($_POST['submit'])) 
with this:
PHP Code:
if('go!' == $_POST['submit']) 
otherwise your form will be submitted for any $_POST['submit'] value which bots can do by sending headers.
This is possible in both cases, so there's actually no advantage of replacing.

07-21-2005, 10:21 AM
#12
Koobi is offline Koobi
Koobi's Avatar
Status: Member
Join date: Apr 2005
Location:
Expertise:
Software:
 
Posts: 312
iTrader: 0 / 0%
 

Koobi is on a distinguished road

  Old

it's possible in both cases but checking for the value can prevent other things as well...such as an uninitilized and fault _POST value, for an example.
you're essentially limiting anything other than what you have allowed when you match the value as well which is good scripting practice IMO.

i would use it anyway, i would feel better

Closed Thread  
Page 2 of 2 < 1 2


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

  Posting Rules  
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump:
 
  Contains New Posts Forum Contains New Posts   Contains No New Posts Forum Contains No New Posts   A Closed Forum Forum is Closed