Richard, The use of $_REQUEST it no more a security hole than $_GET or $_REQUEST, they should ALL be treats as bad data until normalized and sanitized. The claim that it opens a security hole is just false, that?s like saying PHP is insecure, its not it just allows for lazy coding such as $_REQUEST. David Murphy -----Original Message----- From: richard.heyes@xxxxxxxxx [mailto:richard.heyes@xxxxxxxxx] On Behalf Of Richard Sent: Monday, February 22, 2010 3:03 PM To: Joseph Thayne Cc: Slack-Moehrle; php-general Subject: Re: $_POST vs $_REQUEST Hi, > I am not sure what the security issues are you are referring to as the > $_REQUEST superglobal contains both $_GET and $_POST values. Could you > expound on that? Thanks. Not really, do a search. -- Richard Heyes HTML5 canvas graphing: RGraph - http://www.rgraph.net (updated 20th February) Lots of PHP and Javascript code - http://www.phpguru.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
