track_vars problem

Anon

hi.

if i send variables (eg myVar) in a form via GET-method i can access the variable in my php-script just by using $myVar. but if i submit it via POST-method i get the warning:
undefinded variable $myVar in line xx..

didn't get it, what's going on here? please help. thx.
A

Anon

You are always better off extracting the variables from an array. This prevents the user from setting the variable itself. Whenever possible you should use the POST method, or sessions, instead of the GET method. Makes it difficult for the variables to be overwritten by the user.

Assuming you use the post method in your form, you can then use $HTTP_POST_VARS

if (is_array($HTTP_POST_VARS)){
extract(HTTP_POST_VARS);
}

You will now have access to the variables by name without having to access te HTTP_POST_VARS array, and if the surfer tried to set the variable within the url string ie http://www.domain.com?myvar=true , it will be overwritten by the proper variables extracted from HTTP_POST_VARS.

If I am not mistaken, it is actually the register globals function giving you the probelm. Sounds like it is disabled on your system. IMHO, that's a good thing. track_vars places the variables in the arrays, HTTP_POST_VARS, HTTP_GET_VARS, ect. register_globals makes theose variables accessable without accessing the arrays themselves. That poses a bit of a security risk.

Keep global variables to a minimum, always extract any form based variables from the appropriate araay before using them. ie HTTP_POST_VARS, HTTP_GET_VARS, ect. It's just safer.