thomashw Posted March 30, 2008

If I have a value named "custom" being sent to the page via the POST method, will this work?

    if ( isset ( $_POST['custom'] ) )
        $_GET['PHPSESSID'] = htmlspecialchars($_POST['custom']);
    session_start();

The value is a session id.

MadTechie Posted March 30, 2008

Depends what you're trying to do. If you want to set $_GET['PHPSESSID'] to $_POST['custom'], then yes.

thomashw (Author) Posted March 30, 2008

Sorry, basically what I'm asking is will session_start() see the $_GET['PHPSESSID'] automatically? Or, if not, how do I set the session ID to equal what $_POST['custom'] is?

MadTechie Posted March 30, 2008

The session_start() has nothing to do with the $_GET['PHPSESSID'], unless you wish to set the session id, i.e.

    session_id($_GET['PHPSESSID'])

See Session Handling Functions.

thomashw (Author) Posted March 30, 2008

Okay, thank you. I've had to change the way I do it a little bit. I now have to use the $_GET method (undesirable) but is this safe?

    if ( isset ( $_GET['PHPSESSID'] ) ) {
        $sid = trim ( htmlspecialchars ( $_GET['PHPSESSID'] ) );
        // Only set the ID when one was supplied; otherwise $sid is undefined
        session_id( $sid );
    }
    session_start();

drummer101 Posted March 30, 2008

It's safe if you validate all the inputs. For instance, if you had a $_GET variable page.php?admin=0, a user could change it to admin=1 and receive admin privs, if you don't correctly check to make sure they're authorized to use admin privs.

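The input validation drummer101's reply calls for, applied to the session ID taken from the return URL. This is an added example, not code from any poster in the thread; the helper names, the `checkout_started` marker key and the 22 to 256 length bound are assumptions.

```php
<?php
// Added example (not from the thread). Helper names are hypothetical.

/**
 * Accept only strings shaped like a PHP-generated session ID.
 * The files session handler allows [A-Za-z0-9,-]; the 22-256 length
 * bound is an assumption covering the lengths PHP can be set to emit.
 */
function is_plausible_session_id($candidate): bool
{
    return is_string($candidate)
        && preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $candidate) === 1;
}

/** Resume the session named in the return URL, or refuse. */
function resume_session_from_return_url(array $query): bool
{
    $sid = $query['PHPSESSID'] ?? null;
    if (!is_plausible_session_id($sid)) {
        return false;                 // never reaches session_id()
    }
    session_id($sid);
    session_start();
    // Resume only a session this site created before the redirect.
    // 'checkout_started' is an assumed marker set at checkout time.
    if (empty($_SESSION['checkout_started'])) {
        session_unset();
        session_destroy();
        return false;
    }
    // The ID has travelled in a URL, so swap it for a fresh one.
    session_regenerate_id(true);
    return true;
}

// Constructed sample values, run through the validator only.
$samples = [
    'abcdef0123456789abcdef0123456789',   // 32 hex chars
    'abcdef0123456789abcdef0123456789<',  // stray markup character
    ' abcdef0123456789abcdef012345 ',     // surrounding whitespace
    'short',
];
foreach ($samples as $s) {
    printf("%-40s %s\n", var_export($s, true),
        is_plausible_session_id($s) ? 'accept' : 'reject');
}
```

htmlspecialchars() and trim() only re-encode or trim a value; the allow-list pattern is what rejects anything PHP would not have issued as a session ID.
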
thomashw (Author) Posted March 30, 2008

Okay, great. I'm using this to communicate with PayPal to restore the user's session once they come back to the site. For some reason the sessions weren't restoring by themselves. I tried to use the POST method, but if you have auto-redirection on from PayPal, they don't pass the variables for some reason. So I had to append the person's SID to the return URL and get it that way.

redarrow Posted March 30, 2008

Be very careful playing with a PHP form that processes PayPal entries to your database. Please go to the PayPal website and check if your code has any security holes, trust me m8.

Good luck, well done.........

You really need to implement SSL and encrypt the PHP form and code, but you've got to use the PayPal encrypting method.