Re: $_POST vs $_REQUEST

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2010-02-22 at 23:49 +0100, John Black wrote:

> On 02/22/2010 11:42 PM, Michael Shadle wrote:
> > The difference here is you can at least have some control over the data
> > and expect it in a certain fashion. Also the behavior of cookies vs. get
> > vs. post are different (cookies have length and expiration limits, get
> > has length limits, post has server confgured limits)
> 
> The cookie and post/get part is all mixed up now :)
> 
> I use $_COOKIE when I want cookie information but I know that the data 
> is not to be trusted and is easily fabricated.
> 
> When reading get or post I just use $_REQUEST nowadays because I don't 
> have to care how the submitting form is written. This makes my form 
> handling data more portable.
> 
> -- 
> John
> You may say I'm a dreamer, but I'm not the only one,
> I hope some day you'll join us, And the world will live as one.
> [John Lennon]
> 


As many people have mentioned already, there's absolutely no security
risk of using $_REQUEST over $_POST or $_GET. I generally use $_REQUEST
unless I am specifically coding something that needs me to send data
over both post and get at the same time.

The thing is, just make sure you sanitise all the data that comes from
the browser. That includes cookie values, post data, etc. Proper
sanitisation is crucial and necessary, and no amount of obscurity about
how you are getting your data will help.

Thanks,
Ash
http://www.ashleysheridan.co.uk



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux