$_REQUEST is "less secure" because it also contains cookie data. If you manage just to set a cookie, with the name "act" and value "logout", the user will infinitely log out - You get the point. On Sun, Apr 12, 2009 at 10:56 PM, Jason Pruim <jason@xxxxxxxxxxxxxx> wrote: > > On Apr 12, 2009, at 1:48 PM, Ron Piggott wrote: > > >> Thanks. I got my script updated. Ron >> > > There are a few other thing's that I didn't see mentioned... > > The best description of when to use what, is this.. Use POST when you are > submitting a form for storing info, using GET when you are retrieving from > the server... > > GET can also be bookmarked and shared between computers without a > problem... So depending on what your app is for that might be a > consideration. > > POST does not display anything in the browser, so as others have said it's > perfect for login's since that info will never be visible to the user. > > as far as REQUEST goes... I personally don't think it's any less secure > then POST or GET... As long as you do sanitization on the info that is > appropriate for your app, REQUEST is fine.. > > Some people prefer to use GET and POST though because then they know where > the info is coming from... > > I think that's everything I wanted to add :) > Just stuff to think about. > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
