[nycphp-talk] handling forms (relative newbie)

Jeff Siegel jsiegel1 at optonline.net
Fri Oct 3 15:07:21 EDT 2003


I'm not exactly clear *why* it matters if you just do $_SESSION =
$_POST? (Perhaps I overlooked something in the thread?) 

Assuming that the data has been "cleaned" before you dump post into
session, and assuming that when you pull the data out you don't blindly
grab all the post vars but handle them by name, e.g., $_POST['myname'],
etc., and even if someone put some bogus additional post var in there
you wouldn't be handling it (since you are handling the post vars by
name), so, what's the source of the potential harm? 

Jeff Siegel

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Aaron Fischer
Sent: Friday, October 03, 2003 7:54 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] handling forms (relative newbie)


That makes perfect sense.  Thanks.

-A

On Thursday, October 2, 2003, at 03:58 pm, Scott Mattocks wrote:

> If you used $_SESSION['_POST'] = $_POST then the session array has as
> an element an array containing the post data.  Since you have an array
> in an array you would access it like this:
> echo $_SESSION['_POST']['first_name'];
>
> Scott Mattocks

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
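
An added illustration of the two assignments discussed in this thread (not code from any of the posters): it compares `$_SESSION = $_POST` with `$_SESSION['_POST'] = $_POST` when the session already holds application state. The session and POST arrays are modelled as plain arrays so it runs from the CLI, and the key names `user_id` and `is_admin`, plus the allowlist helper, are assumptions made for the example.

```php
<?php
// Added example. Key names (user_id, is_admin, first_name) are constructed
// for illustration; they do not come from the thread.

/** The pattern asked about: the whole session is replaced by the request body. */
function storeWholesale(array $session, array $post): array
{
    return $post;                    // equivalent to $_SESSION = $_POST
}

/** The namespaced pattern: POST data lives under one key of its own. */
function storeNamespaced(array $session, array $post): array
{
    $session['_POST'] = $post;       // equivalent to $_SESSION['_POST'] = $_POST
    return $session;
}

/** Hypothetical stricter variant: keep only the fields the form defines. */
function storeAllowlisted(array $session, array $post, array $fields): array
{
    $session['_POST'] = [];
    foreach ($fields as $name) {
        // Skip missing fields and array-valued input such as first_name[]=x.
        if (isset($post[$name]) && is_string($post[$name])) {
            $session['_POST'][$name] = $post[$name];
        }
    }
    return $session;
}

// Constructed state: what earlier code stored in the session.
$session = ['user_id' => 42, 'is_admin' => false];
// Constructed request: one expected field plus one the form never defined.
$post = ['first_name' => 'Ann', 'is_admin' => '1'];

$a = storeWholesale($session, $post);
$b = storeNamespaced($session, $post);
$c = storeAllowlisted($session, $post, ['first_name']);

var_dump(isset($a['user_id']));          // is the earlier session state still there?
var_dump($a['is_admin'] ?? null);        // where does this value come from now?
var_dump($b['is_admin'], $b['_POST']);   // session key and POST data kept apart
var_dump($c['_POST']);                   // only allowlisted string fields remain
```

Any code that later reads `$_SESSION['is_admin']` or `$_SESSION['user_id']` by name sees request-supplied or missing values after the wholesale assignment, which is the case that handling POST variables by name does not cover.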