On Mon, 2009-01-12 at 16:18 -0500, tedd wrote: > At 8:03 PM +0000 1/12/09, Ashley Sheridan wrote: > > > >I tend to use $_REQUEST to capture a lot of my data, as I end up mixing > >get and post a lot throughout my code. $_REQUEST is an amalgamate of > >$_COOKIE, $_GET and $_POST (in that order I believe, with $_GET > >overwritting $_COOKIE, and $_POST overwriting $_GET). This is especially > >useful when altering how a form sends data. Only today we had to update > >a form to use GET instead of POST, as IE managed to break the back > >button because of the POST values not auto-submitting. It would have > >meant a lot of code changes had $_REQUEST not been used. > > > > > >Ash > >www.ashleysheridan.co.uk > > Arrgggg. > > I was thinking you were up there with the PHP greats until you said that. :-0 > > I never use requests -- you simply don't know where the data is > coming from and that presents a possible security risk as well as > confusion if you have to review/trouble-shoot the code later. > > Am I wrong? > > Cheers, > > tedd > > > -- > ------- > http://sperling.com http://ancientstones.com http://earthstones.com > Both GET and POST are as susceptible as each other to attack. So as long as data is properly sanitised before it's used, it should be fine. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
