SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Guru
    Join Date
    Nov 2008
    Posts
    622
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    isset() with text link

    hi

    i know how to use isset() with submit buttons

    But if i have a text link

    Code:
    <a href="2">link 2</a>
    then how will i check it with

    Code:
    if(isset())
    vineet

  2. #2
    Founder of Primal Skill Ltd. feketegy's Avatar
    Join Date
    Aug 2006
    Posts
    482
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The anchor element is not a form element, therefore it doesn't get passed to $_POST if that's what you're referring to... you need to use input or button elements.

  3. #3
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,131
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by feketegy View Post
    The anchor element is not a form element, therefore it doesn't get passed to $_POST if that's what you're referring to... you need to use input or button elements.
    Or you have to provide a querystring variable you can check such as
    Code:
    <a href="2?pageSet=true">link 2</a>
    To check it
    PHP Code:
    if (isset($_GET['pageSet']))
    {


  4. #4
    Founder of Primal Skill Ltd. feketegy's Avatar
    Join Date
    Aug 2006
    Posts
    482
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cpradio View Post
    Or you have to provide a querystring variable you can check such as
    Code:
    <a href="2?pageSet=true">link 2</a>
    To check it
    PHP Code:
    if (isset($_GET['pageSet']))
    {

    That's one of the worst answers I saw...

  5. #5
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,131
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by feketegy View Post
    That's one of the worst answers I saw...
    Unfortunately that neither helps or provides anything meaningful. The person asked for how you would be able to recognize a link was clicked, I provided a simple example. Would you likely use that in a real environment, maybe not, but tell me how many times do you see the following:
    Code:
    <a href="mydomain.com/?logout=true">Logout</a>
    Now tell me how that is any better than what I provided?

    It isn't and you would use the same process to actually log the person out of your website. There isn't any issue with XSS or CSRF in my example, nor does it have any problems against best practices.

  6. #6
    Founder of Primal Skill Ltd. feketegy's Avatar
    Join Date
    Aug 2006
    Posts
    482
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cpradio View Post
    Unfortunately that neither helps or provides anything meaningful. The person asked for how you would be able to recognize a link was clicked, I provided a simple example. Would you likely use that in a real environment, maybe not, but tell me how many times do you see the following:
    Code:
    <a href="mydomain.com/?logout=true">Logout</a>
    Now tell me how that is any better than what I provided?

    It isn't and you would use the same process to actually log the person out of your website. There isn't any issue with XSS or CSRF in my example, nor does it have any problems against best practices.
    Your answer is misleading, the OP is clearly a beginner in programming, you provide a piece of unsecure code just to answer his question. It's fine to provide answers like this, but don't forget to mention that is bad practice to use it. Why not mention to use POST instead of GET? etc.


    ...but tell me how many times do you see the following:
    Code:
    <a href="mydomain.com/?logout=true">Logout</a>
    I never saw this kind of logout anywhere in production code. And yes, it's a bad practice to do this way.

  7. #7
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,131
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by feketegy View Post
    Your answer is misleading, the OP is clearly a beginner in programming, you provide a piece of unsecure code just to answer his question. It's fine to provide answers like this, but don't forget to mention that is bad practice to use it. Why not mention to use POST instead of GET? etc.
    First of all, it isn't unsecure, as the data isn't being used except to see it was provided. Sure anyone could pass a querystring variable, but I can show you site after site after site that uses querystrings to show you what you asked for. Think of all the pretty URLs. My example isn't any different.

    Quote Originally Posted by feketegy View Post
    I never saw this kind of logout anywhere in production code.
    I can't believe that because 90% of requests you see today browsing this forum do this very thing (go ahead, look at the URL). Look at the Logout URL of this forum too while you are at it.

    The OP poster asked how you can read items coming from a LINK, not a FORM. I answered that respectively. Not everything can be a form, everything shouldn't be a form. Granted, maybe we read his request two different ways?

    I read it as "How can I use isset when working with a LINK?" There are two ways, the most common is passing a variable and using isset on the $_GET request. The second is reading the HTTP_REFERER (not always available).

    I believe you read it as "I am submitting my form using a LINK, how do I use isset() to see that it was submitted?" There is an answer for that too, you can have a hidden field, your link is tied with JavaScript to run form.submt(), and you can use isset() on the $_POST request for the hidden field.

    Lesson to Learn: Next time on an ambiguous question, maybe we can identify how we interpreted the question along with our answer to avoid this confusion.

  8. #8
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Hope this clears some things up.

    Quote Originally Posted by feketegy View Post
    ...you provide a piece of unsecure code...is bad practice to use it.
    It is not insecure, nor is it bad practice.

    Why not mention to use POST instead of GET? etc.
    GET and POST are two different things. They function differently, a link cannot issue a POST request without the aid of Javascript. A link only has the functionality of a GET request. Thus a link is limited to file paths and query strings. One should use GET when the request make no real changes on the server, I.e. a safe request. However, if there is a change like something is deleted then POST should be used.

    I never saw this kind of logout anywhere in production code. And yes, it's a bad practice to do this way.
    No, it is not bad practice. I don't know where you got that silly notion. Whether you use "http://example.com/logout" or "http://example.com/?action=logout" it is all the same.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.



Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •