Hosting Provided By

Re: When GET = POST?

From: David Bullock <davidbullock(at)tech-center.com>
Date: Sat Nov 09 2002 - 02:49:28 EST

Original Message ----- From: "Chris Thomas" <chris.thomas@lodoga.co.uk>

> Hi,
>
> This has been troubling me for a while.
>
> When pen testing web apps where a page POSTs data it often seems just as
> effective (and easier) to encode the data in the URL (i.e. use and HTTP
> GET ). Is guess this is because many server-side languages do not
> differentiate how a variable is set?
>
> - How is this situation handled in common server side languages such
> PHP, etc?

Recent versions of PHP actually do place the GET and POST variables into two different arrays, $_POST, and $_GET.

Older versions of PHP had the $HTTP_GET_VARS and $HTTP_POST_VARS arrays.

http://www.php.net/manual/en/language.variables.predefined.php Received on Sat Nov 9 10:12:56 2002

This message: [ Message body ]
Next message: Alonso Robles: "Re: When GET = POST?"
Previous message: Dave Aitel: "Re: [Spike] Re: IIS 5.0 with Integrated Window Authentication"
Reply: Alonso Robles: "Re: When GET = POST?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:44 EDT