$_SESSION & $_REQUEST made me made, what is difference?

Discussion in 'PHP' started by globalcashsite, Dec 22, 2009.

0
  1. #1
    Guys

    I am not a proper Bamboo php progarmmer but with help of google and discussion forums I create small modules according to my requirement.

    Since 2 days I was working on simple login form so unauthorized people can't access my site. Here is the code that finally worked. I know this might be a nasty way to do the same but since I am not proper programmer so please excuse me. :D

    Although I did it but I am still confused what is difference between $_SESSION and $_REQUEST because in above case some times $_SESSION worked and sometimes $_REQUEST.

    I spend a whole day but failed then at above RED LINE I used both $_SESSION and $_REQUEST in same statement with OR so wherever variable is stored it triggered the code and finally it was triggered. I used $_SESSION and $_REQUEST separately at above line but it worked first time but when I reload page it again did not work and call loginform.

    After first time login = $_REQUEST has "admin"
    After first time login = $_SESSION has ""

    After reload page = $_REQUEST has ""
    After reload page = $_SESSION has "admin"


    I want to understand difference so in future php files I can save time.

    GCS
     
    globalcashsite, Dec 22, 2009 IP
  2. itvn

    itvn Peon

    Messages:
    30
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #2
    $_REQUEST: An associative array consisting of the contents of $_GET, $_POST, and $_COOKIE.
    $_SESSION: Session data only.
     
    itvn, Dec 22, 2009 IP
  3. astkboy2008

    astkboy2008 Peon

    Messages:
    211
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    0
    #3
    i think you should puts this session_start(); in the first line
    and please use $_POST['gcslogin'] NOT $_REQUEST['gcslogin']
     
    astkboy2008, Dec 22, 2009 IP
  4. CodedCaffeine

    CodedCaffeine Peon

    Messages:
    130
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Depends on what is wanted. Using $_REQUEST allows the script to take both the form submitted parameters and url submitted parameters. (And cookie params, of course) Honestly, I'd only limit it to one of the three, unless you wanted to use two (or three) of the options for this.

    On a side note, the source code is really insecure. The Request array isn't cleaned by any means, so you could inject code via a cookie or get request (or post if you want). All it would require is something like..

    http://website.com/page.php?gcslogin=(INSERT CODE HERE)
    Code (markup):
     
    CodedCaffeine, Dec 23, 2009 IP
  5. ghprod

    ghprod Active Member

    Messages:
    1,010
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    78
    #5
    $_SESSION = temporary data that store in server about our data
    $_REQUEST = like request data to server via POST/GET :)

    regards
     
    ghprod, Dec 23, 2009 IP