On Mon, Feb 22, 2010 at 12:55 PM, Joseph Thayne <webadmin@xxxxxxxxxxxxx> wrote: > I am not sure what the security issues are you are referring to as the > $_REQUEST superglobal contains both $_GET and $_POST values. Could you > expound on that? Thanks. $_REQUEST opens you up to POST/GET values overriding cookie values or vice versa. It's best to choose your source of data specifically. I unset($_REQUEST) wherever I can to enforce stricter coding practices. To me it's lazy. If you really need to mix POST and GET, then you can always array_merge($_POST, $_GET) >> Use quoted strings - either single or double quotes. Eg: >> >> $myArray['myKey'] >> $myArray["myKey"] single quotes are better (by a marginal fraction) as it won't look for interpolated strings :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php