SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    Node mutilating coot timnz's Avatar
    Join Date
    Feb 2001
    Location
    New Zealand
    Posts
    516
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Stay the same variable!

    Hey, I was just wondering which variable like overwrites the other.

    Say you have a form, with a field with the name: test, and a value of hello, now say, on the page you submit that field to, someone has tacked onto the url ?test=goodbye

    What will the value of $test now be, will it be hello or goodbye.

    I was thinking that you could overwrite anything in the URL by extracting $HTTP_POST_VARS.

    Ok, I just tried to recreate this then, and couldn't achieve it, because you have to hit refresh on the page where it submits to, and so you aren't actually sending any data that is in your address bar.

    But what say you are using sessions, and someone tacks one of your session variables onto the URL of a page, will the session variable get overwritten, or will the URL stuff be ignored?

  2. #2
    SitePoint Wizard TWTCommish's Avatar
    Join Date
    Aug 1999
    Location
    Pittsburgh, PA, USA
    Posts
    3,910
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Like you said, you can't really do that. I don't know how it works with sessions variables exactly, but I think that, if one of them comes "later" than the other, in any form, it would be the current value. In most cases, though, as you can see, it's not really possible.

  3. #3
    Node mutilating coot timnz's Avatar
    Join Date
    Feb 2001
    Location
    New Zealand
    Posts
    516
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, I'll test it out later on when I have some time, to set my mind straight on things. I just wanted to make sure I wasn't leaving any huge security holes in my scripts

  4. #4
    Making a better wheel silver trophy DR_LaRRY_PEpPeR's Avatar
    Join Date
    Jul 2001
    Location
    Missouri
    Posts
    3,428
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    as far as what overwrites what - that's what gpc_order in php.ini controls, isn't it? it's safer anyway, and the preferred way, to use the HTTP_*_VARS arrays.

  5. #5
    Node mutilating coot timnz's Avatar
    Join Date
    Feb 2001
    Location
    New Zealand
    Posts
    516
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Cool, just looked at my php.ini and it says that gpc_order is deprecated, or however that word is spelt, and it said to use variables_order as well.

    variables_order = "EGPCS"
    "This directive describes the order in which PHP registers GET, POST, Cookie, Environment and Built-in variables (G, P, C, E & S respectively, often referred to as EGPCS or GPC). Registration is done from left to right, newer values override older values."

    So with this setup, if something is defined in the GET (ie someone typing in browser) it will be overwritten by an element in the post vars, which in turn would be overwritten by a cookie, and then built-in variables.

    So when they say cookie, would this be the same as a session variable would it not? I am guessing that it would be.

  6. #6
    Making a better wheel silver trophy DR_LaRRY_PEpPeR's Avatar
    Join Date
    Jul 2001
    Location
    Missouri
    Posts
    3,428
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yeah, i knew gpc_order was dep'd, and i was thinking variables_order was for something else but was wrong.

    yeah i assume session vars are the same as cookies.

  7. #7
    Node mutilating coot timnz's Avatar
    Join Date
    Feb 2001
    Location
    New Zealand
    Posts
    516
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Okay cool, I think this is quite a handy piece of information to know.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •