[UPHPU] receiving with $_REQUEST
alvaro at epliant.com
Thu Feb 28 13:28:24 MST 2008
Wade Preston Shearer wrote:
> It's obviously wise to only post a form using GET when you absolutely
> need to or there are no security concerns involved, but what about on
> the receiving end? Are there any reasons to not always receive with
> $_REQUEST? I have heard people say that you should only use $_REQUEST
> when you absolutely need to receive from both GET and POST, but if a
> hacker can simulate a POST just as easy as GET then how is it insecure?
Keep in mind that $_REQUEST will also include cookies, which might lead
to unexpected results if you don't watch for it. You have to be
especially careful if you are hosting multiple subdomains and some of
them are using-domain wide cookies.
More information about the UPHPU