Dan Baker wrote:
> > On the one hand, you can't trust anything that came from the client, but
> > on the other if you're expecting a variable to come from a cookie and
> > instead it comes from a get you know something weird is going on, but
> > using $_REQUEST you'll be oblivious. You ought to know where your
> > variable values are coming from, $_REQUEST hides this.
>
> Interesting, but I think I wouldn't spend the extra code to detect if I was
> expecting a POST, but got a GET. If I didn't get the value from POST, I'd
> just assume it wasn't there -- I wouldn't go looking elsewhere for it, and
> report an error.

Sorry, I didn't mean to suggest you spend the extra time checking to see
if you got a get when expecting a cookie, I meant to suggest that if you
were expecting a cookie you only look for a cookie and therefore ignore
the get (and generate whatever error is appropriate if you didn't get
the value). No point doing any extra coding. The point was that you
shouldn't accept a variable from where you weren't expecting it, which
$_REQUEST doesn't allow you to do.

> The *main* reason I use $_REQUEST is so I can code up GET and POST pages
> that all are handled by the same php functions. I may have an item called
> "Key" that contains what the end-user is expected to be doing ("User.Create"
> or "User.Edit" or whatever). Then I may have a link (GET) that has
> ?Key=User.Create, while a form (POST) that has a hidden value "Key" with
> value "User.Create". I don't really care if it came from a GET or POST --
> if the data is all valid, I'll allow it to work.

How are you passing your values to your functions? If you stick to
local variables in your functions they won't care where you got the
values from. Deal with the post or get values in whatever script
handles your form submissions and have it pass the values on to your
functions.
IE
In your post handling script:

    $result = doSomething($_POST['this'], $_POST['that']);

In your get handling script:

    $result = doSomething($_GET['this'], $_GET['that']);

- Ben
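
An added example, not code from this thread, showing the approach discussed above: one shared function fed from an explicitly named source, next to what $_REQUEST does with a value that was expected in a cookie. The helper `fromSource`, the field names and the sample request are hypothetical and constructed for illustration.

```php
<?php
// Business logic takes plain arguments and never touches superglobals,
// so GET and POST handlers can both call it.
function doSomething(string $key, string $name): string
{
    $allowed = ['User.Create', 'User.Edit'];
    if (!in_array($key, $allowed, true)) {
        throw new InvalidArgumentException('unknown Key');
    }
    return $key . ' for ' . $name;
}

// Read a value from exactly one named source. A missing value (or an
// array where a string is expected) is an error; no other source is tried.
function fromSource(array $source, string $field): string
{
    if (!isset($source[$field]) || !is_string($source[$field])) {
        throw new RuntimeException("missing field: $field");
    }
    return $source[$field];
}

// Constructed sample request: a GET link carrying Key and Name, plus a
// "session" parameter in the query string where a cookie is expected.
$_GET     = ['Key' => 'User.Create', 'Name' => 'alice', 'session' => 'from-query-string'];
$_POST    = [];
$_COOKIE  = [];
// Approximates the merged array; real precedence depends on request_order in php.ini.
$_REQUEST = $_GET + $_POST + $_COOKIE;

// GET handling script: the POST handler would pass $_POST to the same calls.
echo doSomething(fromSource($_GET, 'Key'), fromSource($_GET, 'Name')), "\n";

// $_REQUEST hands back the session value although it came from the query string.
echo 'via $_REQUEST: ', $_REQUEST['session'], "\n";

// Looking only in $_COOKIE reports it as missing instead.
try {
    fromSource($_COOKIE, 'session');
} catch (RuntimeException $e) {
    echo 'via $_COOKIE: ', $e->getMessage(), "\n";
}
```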