  1. #1
    New to the CF scene
    Join Date
    Feb 2007
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    $_POST and $_GET a variable from url

    I am new in php:

    I want to pass a variable to url from a link and then get it from there....

    Can someone give me an idea or a piece of script...

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Sure.
    PHP Code:
    <?php

    if(isset($_GET['variable']))
    {
        echo $_GET['variable'];
    }
    ?>
    $_* is a superglobal construct, so you don't need to globalize anytime you make use of them in function calls. They also have priority overrides, if I'm not mistaken it's: $_ENV->$_GET->$_POST->$_REQUEST->$_COOKIE->$_SESSION, but someone may need to confirm that.
    Anyway, you pass through what's called the 'querystring', for example:
    http://www.yoursite.com/page.php?var1=1&var2=2...
    Anything past the ? is part of the query string. PHP has an optional configuration setting called register_globals which allows you to register any of your superglobals as $GLOBAL variables. This was necessary way back in the past, but it is no longer wise to make use of them. With the uri querystring given, the accessors would be:
    $_GET['var1'] and $_GET['var2']
    $_REQUEST exists on your system as well depending on the version of php. I believe it was 4.4.1 which $_REQUEST was released which simply merges together the $_GET and $_POST superglobals, giving $_POST priority. Don't rely too much on $_REQUEST if you can avoid it.
    Querystrings are always considered a $_GET superglobal. While forms can be either, generally you will send data via a post method, hence the $_POST superglobals (with the exception of $_FILES which also comes from forms).
    Does that answer any questions about the querystring?
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  • #3
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    Quote Originally Posted by Fou-Lu View Post
    They also have priority overrides, if I'm not mistaken it's: $_ENV->$_GET->$_POST->$_REQUEST->$_COOKIE->$_SESSION, but someone may need to confirm that.
    *snip*
    $_REQUEST exists on your system as well depending on the version of php. I believe it was 4.4.1 which $_REQUEST was released which simply merges together the $_GET and $_POST superglobals, giving $_POST priority. Don't rely too much on $_REQUEST if you can avoid it.
    Close! The $_REQUEST superglobal is populated in the order of the variables_order directive in php.ini. $_REQUEST should be avoided at all costs. There is basically no need to use it, and if you do then you should rewrite your script so it won't need it. You should only pass variables with one method at a time and validate them as such. i.e. Form variables should pretty much always be posted, there's no need to get them from $_GET, $_COOKIE, or $_SESSION, and doing so could easily open up your script to XSS vulnerabilities. That's not to say that only using $_POST will prevent attacks; you should always validate any user input.

  • #4
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    $_REQUEST should be avoided at all costs.
    And why is this?

  • #5
    Regular Coder the-dream's Avatar
    Join Date
    Mar 2007
    Location
    Northamptonshire, UK
    Posts
    477
    Thanks
    8
    Thanked 4 Times in 4 Posts
    or

    PHP Code:
    <?php
    $url = $_GET['variable'];

    echo $url;
    ?>

  • #6
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    Google for a beginners PHP tutorial.

    There are hundreds, if not thousands, of them.

  • #7
    Regular Coder the-dream's Avatar
    Join Date
    Mar 2007
    Location
    Northamptonshire, UK
    Posts
    477
    Thanks
    8
    Thanked 4 Times in 4 Posts

  • #8
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    Quote Originally Posted by aedrin View Post
    And why is this?
    Because depending on the order, if you were expecting a POSTed variable for instance and someone sent a cookie with that same name, it would be overwritten by their variable. This could potentially allow malicious code to be executed among other potential serious problems.
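
The override described in this post, together with the variables_order behaviour from post #3, as an added example that is not part of the original thread: it simulates how `$_REQUEST` is merged so the effect is visible from the command line, next to reading one explicit source and validating it. The helper names, the `account_id` field and all sample values are assumptions constructed for illustration.

```php
<?php
// Added example: simulates how PHP fills $_REQUEST, so it runs from the CLI.
// Helper names, the account_id field and all sample values are constructed.

// Merge the sources named in $order (e.g. "GPC") left to right; a later
// source overwrites an earlier one that uses the same key.
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Read a field from the one source the form uses and validate it.
// Returns null unless the value is a positive integer string.
function post_int(array $post, string $name): ?int
{
    if (!isset($post[$name]) || !is_string($post[$name])) {
        return null;
    }
    $value = filter_var($post[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

// Constructed request: the form posts account_id, and the same request
// also carries a cookie with the same name.
$get    = [];
$post   = ['account_id' => '42'];
$cookie = ['account_id' => '1337'];

// Compare an order that includes cookies with one that does not.
foreach (['GPC', 'GP'] as $order) {
    $request = build_request($order, $get, $post, $cookie);
    printf("order %-3s -> \$_REQUEST['account_id'] = %s\n",
        $order, $request['account_id']);
}

// Explicit source plus validation: the cookie never enters the picture.
var_dump(post_int($post, 'account_id'));
// A value that is not a positive integer fails validation.
var_dump(post_int(['account_id' => '<b>x'], 'account_id'));
```

On current PHP versions the request_order directive, when set, decides this order for `$_REQUEST` in place of variables_order.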

  • #9
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    $_REQUEST is not only a rewritable variable, you can also control your variables_order in a PHP_INI_ALL fashion. MY request variables only contain $_GET and $_POST, but this is mainly due to support for pre 4.2.0 php systems when creating a "superglobal" look-alike.
    Granted, because of the fact that $_REQUEST normally merges the $_COOKIE superglobal, it should not be relied on.
    However, saying that $_REQUEST should not be used at all costs is the same as saying that creation of userdefined variables and functions should also be avoided at all costs. If $_REQUEST was a protected core variable, I would agree. But since it is not, I will have to say I disagree.

  • #10
    Senior Coder
    Join Date
    Mar 2003
    Location
    Atlanta
    Posts
    1,037
    Thanks
    14
    Thanked 30 Times in 28 Posts
    Quote Originally Posted by Inigoesdr View Post
    Form variables should pretty much always be posted, there's no need to get them from $_GET, $_COOKIE, or $_SESSION, and doing so could easily open up your script to XSS vulnerabilities. That's not to say that only using $_POST will prevent attacks; you should always validate any user input.
    Should you use POST when you are doing something like receiving results from a database from some search terms? I was taught to use the GET method since the GET method is idempotent. Meaning that no matter how many times a person searches for "red car" the results are going to be the same regardless of how many times they click the search button.

    I'm just curious to hear your input on this.
    Most of my questions/posts are fairly straightforward and simple. I post long verbose messages in an attempt to be thorough.

  • #11
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    Quote Originally Posted by StupidRalph View Post
    Should you use POST when you are doing something like receiving results from a database from some search terms? I was taught to use the GET method since the GET method is idempotent. Meaning that no matter how many times a person searches for "red car" the results are going to be the same regardless of how many times they click the search button.

    I'm just curious to hear your input on this.
    The results will be the same no matter what method you use because it's being passed to the database the same way with the same text. Using either method isn't necessarily better than the other; it's dependent on preference or circumstance.

  • #12
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    Quote Originally Posted by Inigoesdr View Post
    Because depending on the order, if you were expecting a POSTed variable for instance and someone sent a cookie with that same name, it would be overwritten by their variable. This could potentially allow malicious code to be executed among other potential serious problems.
    Which is why you never trust any outside input, and filter for bad things?

  • #13
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    Quote Originally Posted by aedrin View Post
    Which is why you never trust any outside input, and filter for bad things?
    Yes, but why put yourself in position to have this problem to begin with?

