On Mon, Jan 12, 2009 at 4:18 PM, tedd <tedd.sperling@xxxxxxxxx> wrote: > At 8:03 PM +0000 1/12/09, Ashley Sheridan wrote: >> >> I tend to use $_REQUEST to capture a lot of my data, as I end up mixing >> get and post a lot throughout my code. $_REQUEST is an amalgamate of >> $_COOKIE, $_GET and $_POST (in that order I believe, with $_GET >> overwritting $_COOKIE, and $_POST overwriting $_GET). This is especially >> useful when altering how a form sends data. Only today we had to update >> a form to use GET instead of POST, as IE managed to break the back >> button because of the POST values not auto-submitting. It would have >> meant a lot of code changes had $_REQUEST not been used. >> >> >> Ash >> www.ashleysheridan.co.uk > > Arrgggg. > > I was thinking you were up there with the PHP greats until you said that. > :-0 > > I never use requests -- you simply don't know where the data is coming from > and that presents a possible security risk as well as confusion if you have > to review/trouble-shoot the code later. > > Am I wrong? > > Cheers, > > tedd > > > -- > ------- > http://sperling.com http://ancientstones.com http://earthstones.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > I can just as easily make firefox/curl send data via cookie or post as a get. It's how you validate it that is the most important (security wise). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
