Get / Post Question On Custom Cgridview Button


I have been using the POST button described in this wiki.

At the top of my controller, I have the following

public function filters()


	return array(


	 	'postOnly + email', // access 'actionEmail' action via POST request only



‘actionEmail’ is executed without error, which means that the button must be creating a POST request, which is correct. But the following code - in the action - sets the value of $test to 1 instead of 2.









Any ideas why?


Check in your firebug on section "Network" what happens.

what is the value of url:$(this).attr(‘href’) ? please write in your javascript alert($(this).attr(‘href’))

Post the results.

Hi KonApaz

This is what the alert is showing: /iccap/frontend/www/aut6_mct/email/?id=2

I will check firebug tomorrow.


That’s why!

Although your method is POST the url contains the id, so isset($_GET[‘id’]) returns true

If you want to take the id only from the $_POST you have to change the view file to send as input with name ‘id’ or something similar

for more help please post your form-view code.


Here is a link to my CGridView buttons in another post where I discuss a different problem. Do you need more code from the form-view?

Hi again

You haven’t any problem using $_GET[‘id’] instead $_POST[‘id’] in this case!

‘postOnly + email’ prevent access by get method and you can still use $_GET[‘id’]

So, have any problem with that?

No, I don’t have much problems using $_GET[] in a POST request.

But it sounds crazy. Why does it work like that? Is it safe?

If you check with native php code it works with same way

for example

if I submit a form with username and password from below url

localhost/test/index.php?a=1 then the resulr of GET and POST variable

$_GET['a'] = '1'

$_POST['username'] = 'user1'

$_POST['password'] = 'pass1'

check also

if you use validators yes it is secured!

Hi again

Thank you for the info.

I have read at various sites that both GET and POST is only really safe when it is used with https.


Nothing is absolute safe on the web, also GET and POST :)

But what do you want to do and what kind of validation or purification of variables you want to applied?

Its a business application. So I need to make as sure as possible that data entered by users are safe and that hackers can not corrupt the database.

Besides normal password salting and record validation, I also have a record-level-access-control system that is linked to the user’s roles (access-permissions).

I can also restrict controller-actions to specific user roles.

I will use https and I have the server managed by expensive people.

even using https remember to validate the user inputs especially those one that will be stored in database

check also these wiki(s)

OK many thanx.