<ma**********@hotmail.com> wrote:
ahhh! fully confused! so should i be using SESSION variables or POST?
That is, how is this kinda thing usually done? i'm sure it's a fairly
common problem. should i submit the form as SESSION, or is this a
security flaw? it seems stupid using post, and then having to copy, one
by one, the variables to SESSION. doesn't seem "right".
cheers
dave
To get data from the user, you have 2.5 options:
1) GET: The variables are stored in the query string of the URL (the part
after the '?'). Usable with: Hyperlinks, Forms.
2) POST: The variables are sent in the body of the HTTP request. This is
the _only_ common way to transmit files. (You could use PUT for this, too,
but AFAIK it's not widely supported.) Usable with: Forms.
3) COOKIE: This is the "half option" in the 2.5, since you are likely to
set all the data you recieve from a cookie yourself in a PHP script. You
could use JavaScript to modify a cookie, too, but since this depends on the
client it's no real option. Usable with: Server side mechanisms only. (With
except of the mentioned method.)
The "BIG 7" aren't complete yet. Additionaly to the above, there are:
a) $_ENV: The complete environment which has been passed to PHP. These are
most likely not the same variables you get by typing 'env' on the console,
but specific information about the server and the current request. In most
cases, you won't need this, because all of the important information gets
parsed by PHP and is stuffed into $_SERVER.
b) $_SERVER: Contains a lot of useful data about the server software and
the request itself. If you are searching for information on the current
request, var_dump($_SERVER) is almost certainly the best beginning.
c) $_FILES: If the raw POST input contained uploaded files, PHP will stuff
them into temporary files and stores all the known data about the file
(original filename, name of the temporary file, filesize and if submitted
the used mime-type [warning: this has not to be the real mime-type!]) in
this superglobal.
d) $_SESSION: All the data in this array is the result of exactly ONE
variable supplied by the visitor (with either of the above methods): It's
session id. According to this ID, PHP searches it's session data for a
match. If there is a file with session data for this session, $_SESSION
will be filled with the data in that file.
--
Simon Stienen <http://dangerouscat.net> <http://slashlife.de>
»What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done.«
-- Sherlock Holmes in "A Study in Scarlet" by Sir Arthur Conan Doyle