Larry Ullman's Book Forums

Hi,

Obviously I'm new here, and fairly new to PHP - so far this book has been very helpful and usually easy to follow. I got the 3rd edition from the library and got through Chapter 10 before ordering the 4th edition when it came out. So now I'm just skimming back through the early chapters to see what's different.

The calculator script is quite different, and I was wondering about the method of checking if the form has been submitted. The earlier version used a hidden form input and checked if the value was set, the new one checks if $_SERVER['REQUEST_METHOD'] is POST. What's the difference? Is that better or more secure? Does the hidden form input being visible in the HTML source have anything to do with it?

 

BTW, I like your way of showing the tags in blocks. On a couple art websites I'm a member of it's often difficult to tell how tags are going to show up until the piece is posted - and that's important if you're trying to sell something!


Thanks for your interest in the book and for the nice words. As for your question, there's no security difference between the two approaches. I switched to checking the server request method because it requires less code and some people were confused by the purpose and/or value of the hidden form input. Also, the hidden form input trick requires that it's in there, which can be forgotten. But all in all, it's a minor difference and I would recommend everyone use the approach they're most comfortable with.

The new way is just using the $_SERVER global variable instead of adding more HTML to the markup. There are many ways to accomplish the same task in PHP and other programming languages. I originally saw this used in another text and then in Larry's E-Commerce book.
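
The two submission checks discussed in this thread, side by side, as an added example that is not from the book or from any poster here. The field names (`submitted`, `quantity`, `price`) and the sample requests are constructed assumptions; the point is that either check only detects that a form was sent, so the values still have to be validated.

```php
<?php
// Added example. Field names and sample requests are assumptions.

// Check 1: the request method, as in the newer calculator script.
function submitted_by_method(array $server): bool
{
    return ($server['REQUEST_METHOD'] ?? '') === 'POST';
}

// Check 2: a hidden input, as in the older script. It only works if the form
// contains <input type="hidden" name="submitted" value="1">.
function submitted_by_hidden(array $post): bool
{
    return isset($post['submitted']);
}

// Both the method and the hidden field are chosen by the client, so neither
// check authenticates the request. Validation is what protects the script.
function calculate(array $post): ?float
{
    $quantity = filter_var($post['quantity'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $price = filter_var($post['price'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($quantity === false || $price === false || $price <= 0) {
        return null; // reject missing, non-numeric or out-of-range input
    }
    return round($quantity * $price, 2);
}

// Constructed requests: [simulated $_SERVER, simulated $_POST].
$requests = [
    'form submitted from the page' => [['REQUEST_METHOD' => 'POST'],
        ['submitted' => '1', 'quantity' => '3', 'price' => '19.95']],
    'first page load' => [['REQUEST_METHOD' => 'GET'], []],
    'POST without the hidden field' => [['REQUEST_METHOD' => 'POST'],
        ['quantity' => '3', 'price' => '19.95']],
    'POST with invalid values' => [['REQUEST_METHOD' => 'POST'],
        ['submitted' => '1', 'quantity' => '-5', 'price' => 'abc']],
];

foreach ($requests as $label => [$server, $post]) {
    $byMethod = submitted_by_method($server);
    $byHidden = submitted_by_hidden($post);
    $total = ($byMethod || $byHidden) ? calculate($post) : null;
    printf("%-30s method=%-5s hidden=%-5s total=%s\n", $label,
        var_export($byMethod, true), var_export($byHidden, true),
        var_export($total, true));
}
```

The third request is where the two checks disagree: the hidden-input check misses a POST that lacks the field, which is the "can be forgotten" case mentioned above.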
