Re: Re: trying to figure out the best/efficient way to tell who is logged into a site..




Dan Baker wrote:
"Ben" <ben@xxxxxxxxxxxxxxxxx> wrote in message

[snip]

Interesting, but I think I wouldn't spend the extra code to detect if I was expecting a POST, but got a GET. If I didn't get the value from POST, I'd just assume it wasn't there -- I wouldn't go looking elsewhere for it, and report an error.


There's no extra code with !empty($_POST['whatever']). They didn't send the information in the correct format (as a $_POST), so more than likely it's someone trying to do something funny. So ignore it or whatever. It's a real fast way to check if the data you're getting came from your form. You still need to do all the other checks too.

I see it not as a real security measure per se, but more like an initial check to make sure what I'm getting from my forms (may) have really come from my forms. If you can eliminate some funny business right off the bat then you don't have to do any extra processing on what most probably is bad data.

[snip]

And the lazy guy answer... typing $_POST and $_GET is faster than typing $_REQUEST ;-).


This is, by far, the best reason I've ever heard!  <grin>

DanB


I'd agree with that one too! ;)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
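
The early POST-only check discussed in this message, followed by the "other checks" it does not replace, as an added example that is not part of the original post. The field names `username` and `quantity` and the sample requests are constructed; in a real handler the arguments would be `$_SERVER['REQUEST_METHOD']` and `$_POST`.

```php
<?php
// Added example, not from the thread. Field names 'username' and 'quantity'
// are hypothetical; the sample requests at the bottom are constructed.

/**
 * Read a form submission from POST data only, never falling back to GET.
 * Returns [httpStatus, cleaned data or error message].
 */
function read_form(string $method, array $post): array
{
    // First gate: the form submits with POST, so anything else is rejected early.
    if ($method !== 'POST') {
        return [405, 'method not allowed'];
    }

    // Presence check. isset() plus a string test is used instead of empty()
    // because empty('0') is true, and an array (quantity[]=1) is not a string.
    foreach (['username', 'quantity'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return [400, "missing field: $field"];
        }
    }

    // The "other checks": the POST gate says nothing about the values themselves.
    if (!preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $post['username'])) {
        return [400, 'invalid username'];
    }
    $qty = filter_var($post['quantity'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 100]]);
    if ($qty === false) {
        return [400, 'invalid quantity'];
    }

    return [200, ['username' => $post['username'], 'quantity' => $qty]];
}

// Constructed sample requests: [method, POST body].
$samples = [
    ['GET',  []],                                         // value sent in the query string
    ['POST', ['username' => 'ben']],                      // field missing
    ['POST', ['username' => 'ben', 'quantity' => '0']],   // valid; empty() would reject '0'
    ['POST', ['username' => 'ben', 'quantity' => ['1']]], // array where a string is expected
];
foreach ($samples as [$method, $post]) {
    [$status, $result] = read_form($method, $post);
    echo $method, ' => ', $status, ' ', json_encode($result), PHP_EOL;
}
```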

