hi
i know how to use isset() with submit buttons
But if i have a text link
<a href="2">link 2</a>
then how will i check it with
if(isset())
vineet
The anchor element is not a form element, therefore it doesn’t get passed to $_POST if that’s what you’re referring to… you need to use input or button elements.
Or you have to provide a querystring variable you can check such as
<a href="2?pageSet=true">link 2</a>
To check it
if (isset($_GET['pageSet']))
{
}
That’s one of the worst answers I saw…
Unfortunately that neither helps or provides anything meaningful. The person asked for how you would be able to recognize a link was clicked, I provided a simple example. Would you likely use that in a real environment, maybe not, but tell me how many times do you see the following:
<a href="mydomain.com/?logout=true">Logout</a>
Now tell me how that is any better than what I provided?
It isn’t and you would use the same process to actually log the person out of your website. There isn’t any issue with XSS or CSRF in my example, nor does it have any problems against best practices.
Your answer is misleading, the OP is clearly a beginner in programming, you provide a piece of unsecure code just to answer his question. It’s fine to provide answers like this, but don’t forget to mention that is bad practice to use it. Why not mention to use POST instead of GET? etc.
…but tell me how many times do you see the following:
<a href="mydomain.com/?logout=true">Logout</a>
I never saw this kind of logout anywhere in production code. And yes, it’s a bad practice to do this way.
First of all, it isn’t unsecure, as the data isn’t being used except to see it was provided. Sure anyone could pass a querystring variable, but I can show you site after site after site that uses querystrings to show you what you asked for. Think of all the pretty URLs. My example isn’t any different.
I can’t believe that because 90% of requests you see today browsing this forum do this very thing (go ahead, look at the URL). Look at the Logout URL of this forum too while you are at it.
The OP poster asked how you can read items coming from a LINK, not a FORM. I answered that respectively. Not everything can be a form, everything shouldn’t be a form. Granted, maybe we read his request two different ways?
I read it as “How can I use isset when working with a LINK?” There are two ways, the most common is passing a variable and using isset on the $_GET request. The second is reading the HTTP_REFERER (not always available).
I believe you read it as “I am submitting my form using a LINK, how do I use isset() to see that it was submitted?” There is an answer for that too, you can have a hidden field, your link is tied with JavaScript to run form.submt(), and you can use isset() on the $_POST request for the hidden field.
Lesson to Learn: Next time on an ambiguous question, maybe we can identify how we interpreted the question along with our answer to avoid this confusion.
Hope this clears some things up.
It is not insecure, nor is it bad practice.
Why not mention to use POST instead of GET? etc.
GET and POST are two different things. They function differently, a link cannot issue a POST request without the aid of Javascript. A link only has the functionality of a GET request. Thus a link is limited to file paths and query strings. One should use GET when the request make no real changes on the server, I.e. a safe request. However, if there is a change like something is deleted then POST should be used.
I never saw this kind of logout anywhere in production code. And yes, it’s a bad practice to do this way.
No, it is not bad practice. I don’t know where you got that silly notion. Whether you use “http://example.com/logout” or “http://example.com/?action=logout” it is all the same.