why use $_POST when you have $_SESSION?

Re: why use $_POST when you have $_SESSION?

The session ID is simply the key to a record which exists on the server, and
this record contains whatever session data you write to it. This means that
different PHP pages which provide the same session ID will connect to the
same session data on the server. This is the way that one web page passes is
state to another web page.

BTW, $_POST and $_SESSION are totally different, and it is not a case of
using one or the other. You will always use $_POST when sending data from
the client to the server, while the use of $_SESSION is totally optional and
invisible to the client.

--
Tony Marston



"Sandman" <enjoylife_9513 5@hotmail.comwr ote in message
news:1169805764 .707449.268930@ h3g2000cwc.goog legroups.com...

Re: why use $_POST when you have $_SESSION?

Tony Marston wrote:
Except when you use $_GET or $_REQUEST

Re: why use $_POST when you have $_SESSION?

Paul Lautman <paul.lautman@b tinternet.comwr ote:
GET's should only be used to retrieve data, $_REQUEST is usually just
sloppy code.
--
Rik Wasmus

Re: why use $_POST when you have $_SESSION?

Hi Tony,
I guess the part where I had a question was where it was absolutely
required to use session IDs. It seems like it is possible to fill a
value in $_SESSION['user'] in, say page1.php. Then you go to page2.php,
and that value is still there. So why try to remember SIDs?

I think I understand the difference between $_POST and $_SESSION,
thanks for clearing that up.

EL

On Jan 26, 2:18 am, "Tony Marston" <t...@NOSPAM.de mon.co.ukwrote:

Re: why use $_POST when you have $_SESSION?

I guess the part where I had a question was where it was absolutelyThat value is still there *BECAUSE* you've got SIDs to tell you the first
hit is in the same session as the second hit. It's a database key.

Re: why use $_POST when you have $_SESSION?

On Jan 26, 2:02 am, "Sandman" <enjoylife_95.. .@hotmail.comwr ote:Yes. Forms.
This is correct.
This is only partially correct. You can do this only if the client
accepts cookies.
Disable cookies in your browser and try again. You will find that
session_start() doesn't do the trick anymore...
It provides an alternative session propagation mechanism for clients
that don't accept cookies.

Cheers,
NC

Re: why use $_POST when you have $_SESSION?

Is there any particular reason I should still use $_POST?Let me summarize and extend the answers a bit:
You use $_POST, $_GET, or $_REQUEST for communication with the client.
For instance, if a user provides a login and a password, they come in
through $_POST (I hope).

You use $_SESSION for everything that is client-related, but should
remain on the server. For instance, all database IDs. If you keep the
UserID after a successful login, store it in a (new!) session and do not
put it in a hidden field. A hidden field is easily altered, which means
that after a successful login, you could simply "log over" to any other
user!

The session ID is something like a ticket with a number you get when
using the wardrobe of a theater. You get a piece of the theater's
storage space to put your personal belongings in, without the wardrobe
people know who you are. The only link between you and this temporarily
assigned space is the number on your ticket. So a session ID is a way of
anonimizing personally assigned space on the server.

Best regards.

Re: why use $_POST when you have $_SESSION?


"Paul Lautman" <paul.lautman@b tinternet.comwr ote in message
news:51v4v1F1k5 5ftU1@mid.indiv idual.net...Wrong. $_GET is used to request data FROM the server, while $_POST is used
to send data TO the server.

--
Tony Marston

Re: why use $_POST when you have $_SESSION?

Tony Marston wrote:No, Tony. $_GET is used to fetch information from the query string.
This can be from several sources - including <form action=get...>. But
$_GET is always used on the server, and the data always comes from the
browser.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: why use $_POST when you have $_SESSION?


"Jerry Stuckle" <jstucklex@attg lobal.netwrote in message
news:wfKdnTa_dt SiNSHYnZ2dnUVZ_ vXinZ2d@comcast .com...I disagree. The GET method is used to fetch data from the server and send it
to the client. The POST method is use to send data from the client to the
server. The GET method is bookmark-able, whereas the POST method is not.
This is the correct way as it is not good practice to bookmark a URL which
updates the server.

--
Tony Marston

Re: why use $_POST when you have $_SESSION?

Tony Marston <tony@NOSPAM.de mon.co.ukwrote:
In both cases data is sent to the server. However, GET should only be used
to retrieve (specific) data, POST can be used to alter(add/delete/edit)
data. That's what was meant I'd say.
--
Rik Wasmus

Re: why use $_POST when you have $_SESSION?

Tony Marston wrote:I know you disagree, Tony. It's just another example of your
stoopidity. Not understanding what's going on.

Even though I know it's hopeless, here's an attempt to educate you.

GET and POST are both methods of requesting data from the server. Both
are sent by the browser to request a page from the server. They include
the URI to be retrieved.

The only difference between them is how they send specific data to the
server. The GET method includes parameters int he URI string. The POST
method sends the data as a separate string, similar to the way cookies
are sent. The only time the browser will send a POST request is in
response to a form with an method=post. However, you can POST to a form
yourself, i.e. by opening a socket and sending a POST request. That's
what CURL does when requested, for instance. Or, you can do it manually
(although I don't recommend it - it gets a bit complex).

Both are bookmarkable. The difference is that when you use a bookmark,
your browser will always do a GET, even if the original request was a
POST. This may or may not be important. For instance, often times a
form submits back to itself for parameter checking. In this case, you
would only have to fill in the data itself. If, however, the form
required data, you would get an error from the form itself.

I know all this is wasted on you, Tony. But maybe someone else will
learn from it.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: why use $_POST when you have $_SESSION?

On Jan 28, 10:51 am, Jerry Stuckle <jstuck...@attg lobal.netwrote:Just to add on to what you were saying: the application that receives
the POST request on the server takes in the data through the STDIN
stream. POST requests can accommodate more data. Rik summed up the
purposes for using each pretty nicely. One should not allow records
from a database to altered through a URI, like this, for example:
http://example.com/admin/?delete=some_ID. I used this when I was still
new to PHP and Web programming.

If only I had known about this newsgroup a long time ago, I probably
would've avoided more pitfalls earlier. ;-)

--
Curtis

Re: why use $_POST when you have $_SESSION?

On Jan 28, 11:51 pm, Jerry Stuckle <jstuck...@attg lobal.netwrote:Also since GET method includes parameters in the URL list, it is not
preferred since you would not want the user data moving across in the
URL which could be easily played around. Ok, then you could encrypt
and send the data in the URL but then there is a limit on the amount
of data you can transfer using GET in the URL.

<snip>