Re: onClick

On Tue, 01 Mar 2005 14:11:22 +0000, mel list_php <list_php@xxxxxxxxxxxxx> wrote:
> Why do you think that checking the value ($cloningView=="View") is better?

no, i didn't say it was better but it does make a lil difference. i
also said, test the POST var. ur example makes it appear as though u
keep register_globals on.

$_POST['cloningView'] == 'View' would be the right way. i put an extra
')' in my previous mail. of course, if(isset($_POST['cloningView']))
should be before that.

also, as far as "has the form been submitted" test goes, check with
isset/is_null/etc. before comparing values, if u do that at all. this
is to avoid warnings/notices and generally write safer code.

> I just put something for it to be true but never paid attention to the exact
> string. I don't see the difference, if that POST variable exists it comes
> from my posted form so had that value.

that's fine too. except, when u know u're expecting POST vars, use
$_POST['cloningView'] in ur tests, not just $cloningView. in PHP 4 >=
4.2.10, PHP 5 - register_globals is OFF by default.
import_request_vars:  Although the prefix parameter is optional, you
will get an E_NOTICE level error if you specify no prefix, or specify
an empty string as a prefix. (from the manual).

> I just want my user to display
> something else when clicking on a button, so I don't care about the value
> itself.
> I suppose it's a security thing but I don't see it?

u've got the idea. and no, the value isn't important. it's only a
minor check which can be circumvented even if u had it in place.

as far as the onClick code is concerned, it doesn't really matter what
u put there, the page generation occurs at the server side so onClick
isn't in any position to offer u security or to make sure that ur
form's submit was used to generate the page. well, not unless u come
up with some really intricate algo.

-- 
]#
Anirudh Dutt


...pilot of the storm who leaves no trace
like thoughts inside a dream
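
The checks discussed in this message, as an added example that is not part of the original mail: read the value from the POST array rather than a global, test it with isset before comparing, and make the decision on the server. The function name `select_view` and the view names `default` and `cloning` are assumptions made for illustration, and the sample inputs are constructed.

```php
<?php
// Added example: decide which view to render from a submitted form.
// select_view() and the 'default'/'cloning' view names are hypothetical.

function select_view(array $post)
{
    // Key absent: the form was not submitted, or another button was used.
    // isset() first also avoids an undefined-index notice.
    if (!isset($post['cloningView'])) {
        return 'default';
    }
    // A request body of cloningView[]=x makes PHP build an array here,
    // so reject non-strings before comparing.
    if (!is_string($post['cloningView'])) {
        return 'default';
    }
    // Strict comparison against the one expected button value.
    return $post['cloningView'] === 'View' ? 'cloning' : 'default';
}

// Constructed sample inputs standing in for $_POST.
$samples = array(
    'button clicked'  => array('cloningView' => 'View'),
    'not submitted'   => array(),
    'array submitted' => array('cloningView' => array('View')),
    'unexpected text' => array('cloningView' => 'view '),
);

foreach ($samples as $label => $post) {
    echo str_pad($label, 16), ' => ', select_view($post), "\n";
}

// In a real page: $view = select_view($_POST);
```

Only the first sample selects the `cloning` view; the other three fall back to `default` without raising a notice.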
