[FX.php List] Disallowing access thru modifying url?

Joel Shapiro jsfmp at earthlink.net
Wed Apr 26 11:51:27 MDT 2006


Thank you Dan
That's very clear and helpful.

Best,
-Joel


On Apr 26, 2006, at 10:44 AM, DC wrote:

> inline...
>
> Joel Shapiro had written:
>> Thanks so much Kevin, Hal, Derrick & Dan for your great responses.
>
> no problem.
>
>> A terminology question, though:
>> You all mention using GET requests (or "params" [short for   
>> 'parameters'?]).  I don't explicitly use "GET" anywhere.  Is GET  
>> just  the term/concept for whenever the submission is contained in  
>> a URL --  as opposed to within a Form, where the submission  
>> criteria are not  shown in the URL?
>
> yes. GET is shorthand for 'your UI will show parameters passed  
> visibly in the URL string'. So, in an html form you can submit  
> using method="GET" or method="POST". if you change any of your  
> forms to method="GET" you'' see every parameter stuffed into the  
> resulting URL after you click that form's submit button.
>
> GET simply appends the named parameters of the form while POST  
> sends them in the headers of the browser request (hidden from the  
> average user).
>
>> FWIW:
>> My link is generated by the code:
>> <a href="page.php?recid=
>>    <?php
>>    $recordDetails=explode('.',$key2);
>>    $currentRecord=$recordDetails[0];
>>    echo $currentRecord;
>>    ?>">
>> (and for the new related records via a portal, for which I just  
>> added  a 'recid' field:
>> <snip>
>> while($Data['rel::recid'][$prow]) {
>>    echo '<a href="page.php?recid='.$Data['rel::recid'][$prow].'">';
>> </snip>
>> Are these GET requests (or "params") by definition?
>
> yes. when you construct your own URL with named parameters you are  
> using GET.
>
> dan
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list



More information about the FX.php_List mailing list