[UPHPU] receiving with $_REQUEST
Richard K Miller
richardkmiller at gmail.com
Thu Feb 28 12:38:51 MST 2008
On Feb 28, 2008, at 12:28 PM, Wade Preston Shearer wrote:
> It's obviously wise to only post a form using GET when you
> absolutely need to or there are no security concerns involved, but
> what about on the receiving end? Are there any reasons to not always
> receive with $_REQUEST? I have heard people say that you should only
> use $_REQUEST when you absolutely need to receive from both GET and
> POST, but if a hacker can simulate a POST just as easy as GET then
> how is it insecure?
Out of curiosity, what's your reason for using it? I've never run into
a situation where I needed to receive both $_GET and $_POST. I think
using explicit names makes my code better organized.
P.S. $_REQUEST also include cookies.
More information about the UPHPU
mailing list