• 0

[PHP] Accepting only the POST method and not GET.


Question

In a PHP page, is it possible for it to reject/detect the type of data submitted to it?

I am writing a page that accepts form field values from another page, however, I have seen that the GET method allows you to change the information. I want to prevent this and only allow my page to accept data submitted using the POST method.

So, if the page was being called like this:

mypage.php?usernam=ashman&password=love

The page mypage.php would reject the values in username and password.

Thanks.

Link to comment
Share on other sites

4 answers to this question

Recommended Posts

  • 0

I'm pretty sure you can stop it by getting the data passed in either of the POST arrays, regardless of register_globals being ON or OFF. You're probably uses to $_REQUEST['myvar']; - this will get the value of myvar passed through any of the main methods - POST, GET and cookie.

To get data from just POST, you can use $myvar = $_POST['myvar']; (or if that doesn't work, $myvar = $HTTP_POST_VARS['myvar']; - I haven't checked this, but I'm fairly sure this will make myvar = 0 if there is nothing passed through POST with the name myvar. If register_globals is ON (making POST/GET/cookie vars available without any special lines for each variable), this will overwrite a value passed to it automatically from mypage.php?myvar=3

Actually, I'm off to test if it overwrites the var now. Handy to know...

EDIT: Nearly right. It sets to to nothing, not zero. Same result for us - it means it will overwrite any (potential rogue) GET vars. Also, isset() thinks it doesn't exist, even though I passed the test script a value with the same name through GET.

Edited by Quboid
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.