Quote:
www.arch13.com/index.php?id=brewery , and then have the id2= hidden, even though it was passed to get the picture it references. Perhaps like having brewery.php?id=1 where 1 is the first picture.
Am I making any sense?
The request method is either GET or POST, not both. You can do this, however, if memory serves me correctly, with register_globals turned on (which mashes the GET, POST, COOKIES, and ENV variables into their own variables), which is a very, very bad idea! Try to think of a way that you can use either GET or POST.
As to your second question:
Well, I'm not sure I understand the wording of the question correctly. Can you rephrase perhaps?
Above all, please please please make sure you validate your id1 or id2 variables! I don't see it, but perhaps you do have some validating code, so forget the following if you do:
If they're numbers, make sure they're numbers: use is_numeric(), is_float(), etc., and perhaps if ($id1 > 0) to make sure it's not negative (if that's not what you're going for).
If you don't, someone could easily craft a way to exploit your program. If you're going to be including PHP files, do something like this:
Code:
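// Allowlist of files that may be included
$inc_files = array('main.php', 'blah.php');
// Read the parameter explicitly instead of relying on register_globals
$id = isset($_GET['id']) ? $_GET['id'] : '';
// Strict comparison so only exact string matches pass
if (in_array($id, $inc_files, true))
{
    include($id);
}
else
{
    include('default_page.php');
}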
The code may not be correct, but hopefully you get the idea. Now users can't possibly go to any other page that is NOT in the array. You can easily load that array with values from just about anything.
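An added example, not part of the original posts, combining both pieces of advice above: the page id is used only as a lookup key into an allowlist, and the picture number is checked as a bounded integer. The page keys, file names, picture limit and function names are hypothetical.

```php
<?php
// Added example (not from the original post). Page keys, file names and the
// picture count are hypothetical placeholders.

// Map the public ?id= value to a file; user input is only ever a lookup key,
// never part of the path passed to include().
const PAGES = [
    'main'    => 'main.php',
    'brewery' => 'brewery.php',
];
const DEFAULT_PAGE = 'default_page.php';
const MAX_PICTURE  = 20; // assumed number of pictures per page

function resolve_page($id): string
{
    // Arrays (?id[]=x) and unknown keys fall through to the default page.
    if (!is_string($id) || !array_key_exists($id, PAGES)) {
        return DEFAULT_PAGE;
    }
    return PAGES[$id];
}

function resolve_picture($id2): ?int
{
    // FILTER_VALIDATE_INT rejects "1.5", "1e3", "0x1A", "" and arrays, and
    // min_range rejects "-1"; is_numeric() alone would accept several of these.
    $n = filter_var($id2, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => MAX_PICTURE],
    ]);
    return $n === false ? null : $n;
}

// Constructed sample inputs standing in for $_GET['id'] and $_GET['id2'].
$samples = [
    ['brewery', '3'], ['../config.php', '1e3'],
    ['main.php', '-1'], [['x'], '1.5'], ['main', '21'],
];
foreach ($samples as [$id, $id2]) {
    printf("%-18s %-6s => %s, picture %s\n",
        json_encode($id, JSON_UNESCAPED_SLASHES), json_encode($id2),
        resolve_page($id), var_export(resolve_picture($id2), true));
}
```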