William Jiang

JavaScript,PHP,Node,Perl,LAMP Web Developer – http://williamjxj.com; https://github.com/williamjxj?tab=repositories

Tag Archives: $_POST

Pass $_POST data between different PHPs

Pass $_POST data between different PHPs

There are at least 3 ways to pass ‘post’ data between scripts except from general processing:

  1. write post data to a $_SESSION variable.
    $_SESSION['post'] = $_POST;
    header("Location: script.php");
    // in script.php, get back the $_POST data by:
    $post = $_SESSION['post'];
  2. write post data to a middle file:
    $fh = fopen($file, 'w') or die("can't open file");
    fwrite($fh, print_r($_POST, true));
    // later, use the following way to get back the $_POST data.
    $post = file_get_contents($file);
  3. write post data to a middle DB table.

All the above methods should work, which is better? It is hard to say and depends on real environment.


php $_REQUEST, $_GET, $_POST

When we process submit form, how to accept the input request? We have 3 choices: $_REQUEST, $_GET, $_POST. What’s the difference between $_REQUEST and the other 2 ?

$_REQUEST contains: $_GET, $_POST request, as well as $_COOKIE variables.

The following is a real case which occurs bugs, For the html form:

  1. <form action=”process_submit.php”, method=”GET”>…</form>

Suppose we have 2 import pairs: [‘user’]=’test_user’, [‘pass’]=’test_pass’.
If using $_GET or $_POST, we accurately get what we are expecting:

  1. and user = ‘test_user’ and pass = ‘test_pass’;

However, if for better compatibility of changing form’s method between ‘GET’ and ‘POST’, we use $_REQUEST to hold all the possibility, like:

  1. foreach ($_REQUEST as $key => $value) {
  2.   $hash[$key] = trim($value);
  3.   $condition = ” and $key='” . $trim($value) . “‘ “;
  4. }

Because $_REQUEST=$_GET/$_POST + $_COOKIE, unanticipated variables are imported, here is some security holes and vogue bugs.

  • and user=’test_user’ and pass=’test_pass’ and cookie_key1=’cookie_value1′ and cookie_key2=’cookie_value2′ …

This is not exactly what we want.
So, if you are sure which request are input (method=’get’ or method=’post’), use it directly ($_GET, or $_POST) instead of vague $_REQUEST.
In other words, avoid to use $_REQUEST, this max avoid bugs and security holes.