Re: Data trasfer between PHP pages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2009-01-12 at 16:18 -0500, tedd wrote:
> At 8:03 PM +0000 1/12/09, Ashley Sheridan wrote:
> >
> >I tend to use $_REQUEST to capture a lot of my data, as I end up mixing
> >get and post a lot throughout my code. $_REQUEST is an amalgamate of
> >$_COOKIE, $_GET and $_POST (in that order I believe, with $_GET
> >overwritting $_COOKIE, and $_POST overwriting $_GET). This is especially
> >useful when altering how a form sends data. Only today we had to update
> >a form to use GET instead of POST, as IE managed to break the back
> >button because of the POST values not auto-submitting. It would have
> >meant a lot of code changes had $_REQUEST not been used.
> >
> >
> >Ash
> >www.ashleysheridan.co.uk
> 
> Arrgggg.
> 
> I was thinking you were up there with the PHP greats until you said that.  :-0
> 
> I never use requests -- you simply don't know where the data is 
> coming from and that presents a possible security risk as well as 
> confusion if you have to review/trouble-shoot the code later.
> 
> Am I wrong?
> 
> Cheers,
> 
> tedd
> 
> 
> -- 
> -------
> http://sperling.com  http://ancientstones.com  http://earthstones.com
> 
Both GET and POST are as susceptible as each other to attack. So as long
as data is properly sanitised before it's used, it should be fine.


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux