Submitting a form without any Method?

[doomed2020]

Hi there,

 

If a form was submitted without any proper method , how can we grab that particular information on the other side ?

 

For example :

 

index.php

 

<form action="process.php" method=""> 

Userame: <input type="text" name="userName" /> 
Password: <input type="password" name="pass" /> 
<input type="submit" name="submit" value="submit" 

</form>

 

process.php

 

$userName = $_REQUEST['userName']; 
$password = $_REQUEST['pass']; 

echo ("Welcome " . $username . " to our page.");

 

 

Now what if a user deliberately alters the method, and uses "$_POST or $_GET or Leaves it blank. How can I can make it fool proof on the server side without using the $_REQUEST Global Variable?

 

Is there any other way to grab that submitted information like in $_SERVER Global Variable ?

 

*For those who think the form will not submit without disclosing the method, then they must try this after disabling their Java-script.

 

I hope you understand my question and would reply me in as detail as possible.

 

Thanks

[scootstah]

A form with no method attribute will default to GET, so you can access it with $_GET. $_REQUEST is generally frowned upon because it lacks specificity.

 

To check if it is blank you can use isset() or empty().

[requinix]

1. Forms always have methods. It is not possible for them to not have one. If you don't specify one then it is GET by default.

 

2. Make your process.php check that the form('s fields) were submitted using whatever method it wants. For a login form you must use POST - otherwise, with GET, the credentials will show up in the URL and that's Bad.

if (empty($_POST["userName"]) || empty($_POST["pass"])) {
    // form was not submitted properly
    // do something, like redirect or show a login form with error or whatever
} else {
    // form was submitted properly
}