[FX.php List] Disallowing access thru modifying url?

DC dan.cynosure at dbmscan.com
Wed Apr 26 11:44:52 MDT 2006


Joel Shapiro had written:
> Thanks so much Kevin, Hal, Derrick & Dan for your great responses.

no problem.

> A terminology question, though:
> You all mention using GET requests (or "params" [short for  
> 'parameters'?]).  I don't explicitly use "GET" anywhere.  Is GET just  
> the term/concept for whenever the submission is contained in a URL --  
> as opposed to within a Form, where the submission criteria are not  
> shown in the URL?

yes. GET is shorthand for 'your UI will show parameters passed visibly 
in the URL string'. So, in an html form you can submit using 
method="GET" or method="POST". if you change any of your forms to 
method="GET" you'll see every parameter stuffed into the resulting URL 
after you click that form's submit button.

GET simply appends the named parameters of the form while POST sends 
them in the headers of the browser request (hidden from the average user).

> My link is generated by the code:
> <a href="page.php?recid=
>    <?php
>    $recordDetails=explode('.',$key2);
>    $currentRecord=$recordDetails[0];
>    echo $currentRecord;
>    ?>">
> (and for the new related records via a portal, for which I just added  a 
> 'recid' field:
> <snip>
> while($Data['rel::recid'][$prow]) {
>    echo '<a href="page.php?recid='.$Data['rel::recid'][$prow].'">';
> </snip>
> Are these GET requests (or "params") by definition?

yes. when you construct your own URL with named parameters you are using 
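Added example, not part of the original message or of FX.php: the sketch below builds the raw request a browser would send for the thread's page.php?recid=... link and for the same field submitted with method="POST" (where the field travels in the request body), then shows the server recovering the same client-supplied value either way, so the access check has to be made on the value itself. The host name, the record ids and the function names are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs


def build_form_request(method, path, fields, host="www.example.com"):
    """Return the raw HTTP/1.1 request sent when a link is followed or a form submitted."""
    encoded = urlencode(fields)
    if method.upper() == "GET":
        # GET: the fields become the query string, visible in the address bar.
        return f"GET {path}?{encoded} HTTP/1.1\r\nHost: {host}\r\n\r\n"
    # POST: the URL stays clean; the fields follow the blank line as the body.
    return (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(encoded)}\r\n\r\n"
        f"{encoded}"
    )


def extract_fields(raw_request):
    """Recover the name/value pairs the way a server does, from either kind of request."""
    head, _, body = raw_request.partition("\r\n\r\n")
    method, target, _version = head.split("\r\n")[0].split(" ")
    source = urlsplit(target).query if method == "GET" else body
    return {name: values[0] for name, values in parse_qs(source).items()}


def record_allowed(raw_request, allowed_recids):
    """Server-side check: the recid is client input whichever method carried it."""
    return extract_fields(raw_request).get("recid") in allowed_recids


if __name__ == "__main__":
    allowed = {"1042"}  # constructed: record ids the logged-in user may view
    for method, recid in (("GET", "1042"), ("POST", "1042"), ("POST", "1043")):
        request = build_form_request(method, "/page.php", {"recid": recid})
        print(request.replace("\r\n", "\n"))
        print("  -> allowed:", record_allowed(request, allowed), "\n")
```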


