[FX.php List] Disallowing access thru modifying url?
DC
dan.cynosure at dbmscan.com
Wed Apr 26 11:44:52 MDT 2006
inline...
Joel Shapiro had written:
> Thanks so much Kevin, Hal, Derrick & Dan for your great responses.
>
no problem.
> A terminology question, though:
> You all mention using GET requests (or "params" [short for
> 'parameters'?]). I don't explicitly use "GET" anywhere. Is GET just
> the term/concept for whenever the submission is contained in a URL --
> as opposed to within a Form, where the submission criteria are not
> shown in the URL?
>
yes. GET is shorthand for 'your UI will show parameters passed visibly
in the URL string'. So, in an html form you can submit using
method="GET" or method="POST". if you change any of your forms to
method="GET" you'' see every parameter stuffed into the resulting URL
after you click that form's submit button.
GET simply appends the named parameters of the form while POST sends
them in the headers of the browser request (hidden from the average user).
> FWIW:
> My link is generated by the code:
> <a href="page.php?recid=
> <?php
> $recordDetails=explode('.',$key2);
> $currentRecord=$recordDetails[0];
> echo $currentRecord;
> ?>">
>
> (and for the new related records via a portal, for which I just added a
> 'recid' field:
> <snip>
> while($Data['rel::recid'][$prow]) {
> echo '<a href="page.php?recid='.$Data['rel::recid'][$prow].'">';
> </snip>
>
> Are these GET requests (or "params") by definition?
>
yes. when you construct your own URL with named parameters you are using
GET.
dan
More information about the FX.php_List
mailing list