05-20-2009, 10:12 PM
The Contributor
Join Date: Apr 2008
Location: Nevada, USA
Posts: 52
Thanks: 10
Of course, rule number one. Never trust user input. :)
So maybe something like this:
/reply.php?t=56
And all that 't' GET variable would be is the thread ID.
I guess just keep it simple. Just verify and filter the GET var and go with it. Yeah?
EDIT: After reading Wildhoney's post, is it more advantageous to use GET or the hidden input field like I currently am? Does it even matter?
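Added example, not part of the original post: one way to verify the `t` thread ID from `/reply.php?t=56` before using it, in PHP. The function names, the `threads` table and the in-memory SQLite database are assumptions for illustration; the same check applies to a hidden form field, since both values come from the client.

```php
<?php
// Added example; parse_thread_id(), find_thread() and the threads table are hypothetical.

// Return the thread ID as an int, or null unless $raw is a plain positive decimal.
function parse_thread_id($raw): ?int
{
    // ?t[]=56 reaches PHP as an array, so reject anything that is not a string.
    if (!is_string($raw)) {
        return null;
    }
    // Digits only: no sign, whitespace, leading zero or trailing text.
    // At most 9 digits keeps the value inside a signed 32-bit column.
    if (preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// Look the thread up with a bound parameter; a well-formed ID can still be unknown.
function find_thread(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, title FROM threads WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed data: an in-memory SQLite table standing in for the forum database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE threads (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO threads (id, title) VALUES (56, 'Sample thread')");

// Constructed inputs, as they could arrive in $_GET['t'] or a hidden POST field.
$samples = ['56', '57', '0', '-1', '056', ' 56', '56abc', '99999999999', ['56'], null];
foreach ($samples as $raw) {
    $id = parse_thread_id($raw);
    if ($id === null) {
        $result = 'rejected (400)';
    } elseif (find_thread($pdo, $id) === null) {
        $result = 'no such thread (404)';
    } else {
        $result = "reply to thread $id";
    }
    printf("%-16s => %s\n", json_encode($raw), $result);
}
```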