[UPHPU] receiving with $_REQUEST

Richard K Miller richardkmiller at gmail.com
Thu Feb 28 12:38:51 MST 2008


On Feb 28, 2008, at 12:28 PM, Wade Preston Shearer wrote:

> It's obviously wise to only post a form using GET when you  
> absolutely need to or there are no security concerns involved, but  
> what about on the receiving end? Are there any reasons to not always  
> receive with $_REQUEST? I have heard people say that you should only  
> use $_REQUEST when you absolutely need to receive from both GET and  
> POST, but if a hacker can simulate a POST just as easy as GET then  
> how is it insecure?

Out of curiosity, what's your reason for using it? I've never run into  
a situation where I needed to receive both $_GET and $_POST. I think  
using explicit names makes my code better organized.

P.S. $_REQUEST also include cookies.




More information about the UPHPU mailing list