On Tue, 01 Mar 2005 14:11:22 +0000, mel list_php <list_php@xxxxxxxxxxxxx> wrote: > Why do you think that checking the value ($cloningView=="View") is better? no, i didn't say it was better but it does make a lil difference. i also said, test the POST var. ur example makes it appear as though u keep register_gloabals on. $_POST['cloningView'] == 'View' would be the right way. i put an extra ')' in my previous mail. ofcourse, if(isset($_POST['cloningView'])) should be before that. also, as far as "has the form been submitted" test goes, check with isset/is_null/etc. before comparing values, if u do that at all. this is to avoid warnings/notices and generally write safer code. > I just put something for it to be true but never paid attention to the exact > string. I don't see the difference, if that POST variable exists it comes > from my posted form so had that value. that's fine too. except, when u know u're expecting POST vars, use $_POST['cloningView'] in ur tests, not just $cloningView. in PHP 4 >= 4.2.10, PHP 5 - register_globals is OFF by default. import_request_vars: Although the prefix parameter is optional, you will get an E_NOTICE level error if you specify no prefix, or specify an empty string as a prefix. (from the manual). > I just want my user to display > something else when clicking on a button, so I don't care about the value > itself. > I suppose it's a security thing but I don't see it? u've got the idea. and no, the value isn't important. it's only a minor check which can be circumvented even if u had it in place. as far as the onClick code is concerned, it doesn't really matter what u put there, the page generation occurs at the server side so onClick isn't in any position to offer u security or to make sure that ur form's submit was used to generate the page. well, not unless u come up with some really intricate algo. -- ]# Anirudh Dutt ...pilot of the storm who leaves no trace like thoughts inside a dream -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
