On 6/17/06 5:34 PM, Satyam wrote:
> Your application might require that flexibility of accepting data via POST or GET, in which case, it is just fine. Contrary to another post I've read, there is nothing good about register_globals; that is why it is now defaulted to off and kept for compatibility, though highly discouraged. There is nothing intrinsically wrong with $_REQUEST; it is slightly more vulnerable than differentiating POSTs from GETs, but it is not the worst you can do.
I never said there was anything good about register_globals. In fact, I was implying that it was bad. With register_globals, you can't tell whether the variable $foo is local, global, from POST, from GET, from COOKIE, etc. I compared $_REQUEST to register_globals because it behaves similarly: you still don't know whether $_REQUEST['foo'] comes from POST, GET, or COOKIE. The good thing is that you at least know it comes from an HTTP request, so you know not to trust anything from it.
--
Ben Ramsey
http://benramsey.com/
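
The ambiguity discussed in this thread, as an added example that is not part of the original messages: a PHP sketch that models how `$_REQUEST` is merged from GET, POST and COOKIE according to `request_order` (or `variables_order` when `request_order` is not set), next to a read from one named source. The helper names `build_request` and `param_from` and the sample values are constructed for illustration.

```php
<?php
// Constructed sample request: the same key arrives from three sources.
$get    = ['action' => 'view'];
$post   = ['action' => 'delete'];
$cookie = ['action' => 'export'];

/**
 * Model of how PHP populates $_REQUEST: the sources named in the order
 * string are merged left to right, and later sources overwrite earlier
 * ones. Only G, P and C contribute; other letters are ignored here.
 */
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged  = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace keeps keys as-is and lets the later source win.
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

/**
 * Read a parameter from one explicit source, so the code states where
 * the value is expected to come from. Non-string values (for example
 * action[]=x, which PHP parses into an array) are rejected.
 */
function param_from(array $source, string $name): ?string
{
    $value = $source[$name] ?? null;
    return is_string($value) ? $value : null;
}

// The same request yields a different $_REQUEST['action'] per configuration.
foreach (['GP', 'GPC', 'CGP'] as $order) {
    $request = build_request($order, $get, $post, $cookie);
    printf("order=%-3s  \$_REQUEST['action'] = %s\n", $order, $request['action']);
}

// Reading the named source does not depend on the merge order.
printf("POST only:  %s\n", param_from($post, 'action'));
printf("GET only:   %s\n", param_from($get, 'action'));

// Either way the value is still request data and must be validated.
$allowed = ['view', 'delete'];
$action  = param_from($post, 'action');
printf("accepted:   %s\n", in_array($action, $allowed, true) ? $action : '(rejected)');
```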