Menu
I need to pass some data with these 2 methods together ( GET AND POST ). I write this method, but I don't know if it is safe:
<form method="post" action="profile.php?id=<?php echo $_SESSION['id']; ?>" enctype="multipart/form-data">
<input type="text" size="40" name="title" >
<textarea name="description" rows="2" cols="30"></textarea>
<input id="starit" name="submit" value="Create" type="submit" />
</form>
<?php
a= $_GET['id'];
b= $_POST['title'];
c= $_POST['description'];
?>
Is this code safe ? Or there are other ways to do that ?
811
This is not a combined GET and POST request; rather, it's a POST request with query parameters.
What you have written would be the right way. Always make sure that you get the expected fields:
if (isset($_GET['id'], $_POST['title'], $_POST['description']) {
// go ahead
}
Btw, make sure that you escape your output:
<form method="post" action="profile.php?id=<?php echo rawurlencode($_SESSION['id']); ?>">
And if you're not uploading files, you don't need to set the enctype of your <form>.
165
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
