On Mon, 2009-01-12 at 15:15 -0500, Eric Butera wrote: > On Mon, Jan 12, 2009 at 3:03 PM, Ashley Sheridan > <ash@xxxxxxxxxxxxxxxxxxxx> wrote: > > I tend to use $_REQUEST to capture a lot of my data, as I end up mixing > > get and post a lot throughout my code. $_REQUEST is an amalgamate of > > $_COOKIE, $_GET and $_POST (in that order I believe, with $_GET > > overwritting $_COOKIE, and $_POST overwriting $_GET). This is especially > > useful when altering how a form sends data. Only today we had to update > > a form to use GET instead of POST, as IE managed to break the back > > button because of the POST values not auto-submitting. It would have > > meant a lot of code changes had $_REQUEST not been used. > > It's okay if you want to do such things, but I really wouldn't > recommend it. It leads to buggy apps (from almost every example I've > ever seen). Most code I've seen using $_REQUEST doesn't validate it > either which would be the loophole to it. Any app allowing user input > should function no matter where it comes from or what it is, but still > why not be very clear about it. > > GET is for the state of the page & POST is for data. So you really > shouldn't mix the two concepts. Most systems using a front-end loader to get to a page containing a form wouldn't work if you DIDN'T mix the two concepts. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php