[UPHPU] Form Help

dataw0lf digitalsuicide at gmail.com
Fri Jun 24 11:23:53 MDT 2005


Mac Newbold wrote:

> I grant you that, in general, that is true. However, in this case, it
> makes no difference. You can't trust data in $_POST or $_COOKIE any more
> than you can trust data in $_GET, because they're _all_ sent from the
> user and are subject to the user sending you whatever they want.

You know I know this :).  However, using $_REQUEST, even in a situation
like this, gives potentially malicious users a better stepping stone
then just one specific super global.  Obviously, you're still going to
have to properly cleanse the variable.
It also adds to code readability (which, in turn, often affects security).

-- 

Joshua Simpson -- dataw0lf.org
Lead Network Administrator/Engineer Aero-Graphics Inc.
jsimpson at aero-graphics.com



More information about the UPHPU mailing list