[UPHPU] Form Help

Jonathan Grotegut jgrotegut at gmail.com
Fri Jun 24 13:21:34 MDT 2005


On 6/24/05, dataw0lf <digitalsuicide at gmail.com> wrote:
> Mac Newbold wrote:
> 
> > I grant you that, in general, that is true. However, in this case, it
> > makes no difference. You can't trust data in $_POST or $_COOKIE any more
> > than you can trust data in $_GET, because they're _all_ sent from the
> > user and are subject to the user sending you whatever they want.
> 
> You know I know this :).  However, using $_REQUEST, even in a situation
> like this, gives potentially malicious users a better stepping stone
> then just one specific super global.  Obviously, you're still going to
> have to properly cleanse the variable.
> It also adds to code readability (which, in turn, often affects security).
> 
> --
> 
> Joshua Simpson -- dataw0lf.org
> Lead Network Administrator/Engineer Aero-Graphics Inc.
> jsimpson at aero-graphics.com
> 
> _______________________________________________
> 
> UPHPU mailing list
> UPHPU at uphpu.org
> http://uphpu.org/mailman/listinfo/uphpu
> IRC: #uphpu on irc.freenode.net
> 

Thanks to everyone for your help, it looks like I got the first page
figured out, now I am just working on the second one.  It definatly
looks like I am going to need to read up on my security for php as
well as many other aspects of PHP.  I have a lot to learn still
obviously.

Thanks again.

Jonathan




More information about the UPHPU mailing list