codeline Posted September 18, 2010 Share Posted September 18, 2010 My PHP learning continues and lately I've been messing around with various ways to use $_GET.. one in which I have a single page that can display, add and edit information I have in my database. I'm specifically working with a users.php page that displays all the users I have in my db. Within this page, I also have $_GET['editUser'] to view a form to edit that user's information via form. I am also using another $_GET in which if the user is successfully updated/edited, the page will refresh with the extension "&updated=true" (&updated=false if query fails). As the page refreshes, I have a "if" statement that shows a success or failure alert depending if $_GET['updated'] is not empty. So all in all my URLs look as follows: "users.php?editUser=8&updated=true" Now everything is working but I just wanted to make sure this is a valid way to use the $_GET method and also if this is a proper direction to take for showing alerts. Quote Link to comment Share on other sites More sharing options...
mraza Posted September 18, 2010 Share Posted September 18, 2010 yes there is nothing wrong in that, i use it as well for notifications. Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted September 18, 2010 Share Posted September 18, 2010 People could still get the alert if they were simply enter the address in the address bar, however depending on what it's for it shouldn't matter too much at all, as the message is harmless. Quote Link to comment Share on other sites More sharing options...
diocyria Posted September 18, 2010 Share Posted September 18, 2010 Now I'm not anywhere close to a PHP guru, but a side note to this topic would have to be just to make sure you have appropriate security in place so then only the authorized accounts can access such a page... you don't want Sally Sue logging in as a basic user and suddenly upping her account status, while removing your entire account altogether (locking you out of your own site, even if only temporary). Could be slightly annoying. This is of course assuming that your page will bring them back to a form where they are displayed yet again with User#8's information that they could simply edit it and submit such a reply. This is getting a little more in depth in to possible ways of getting around your security, but it is something to be considered during a process such as this. Other than that though, I agree your use of the GET request method is perfectly fine. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.