There are no real security issues with the $_REQUEST object. What
needs to be taken into consideration is that the order that the PHP
engine gathers data from the system ( GPCS ) and the potential issues
having cookies or session data named the same as the actual data you
are trying to access via the request array.
Bastien
Sent from my iPod
On Apr 12, 2009, at 13:48, Ron Piggott <ron.php@xxxxxxxxxxxxxxxxxx>
wrote:
Thanks. I got my script updated. Ron
On Sun, 2009-04-12 at 22:33 +0600, 9el wrote:
One thing you should know is that when you use $_GET, you'll
be sending a little information about the particular page to
the browser and therefore it would be displayed in the address
bar so for example if you're using get on a login page, you'll
be showing user id and passwrod in the address bar. $_POST
does the exact opposite of $_GET in that aspect and it's
ideal. $_REQUEST does both.
Its also important to know that some critical information like
multipart meta data cant be sent via get. And GET method is not safe
too.
Large chunks of data are sent via POST method.
$_REQUEST is not advised to use for security reasons.. there are
senior and experienced programmers here who will elaborate more onto
this :)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
