Re: $_POST vs $_REQUEST

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Feb 22, 2010 at 12:55 PM, Joseph Thayne <webadmin@xxxxxxxxxxxxx> wrote:

> I am not sure what the security issues are you are referring to as the
> $_REQUEST superglobal contains both $_GET and $_POST values.  Could you
> expound on that?  Thanks.

$_REQUEST opens you up to POST/GET values overriding cookie values or
vice versa. It's best to choose your source of data specifically.

I unset($_REQUEST) wherever I can to enforce stricter coding
practices. To me it's lazy. If you really need to mix POST and GET,
then you can always array_merge($_POST, $_GET)

>> Use quoted strings - either single or double quotes. Eg:
>>
>> $myArray['myKey']
>> $myArray["myKey"]

single quotes are better (by a marginal fraction) as it won't look for
interpolated strings :)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux