[UPHPU] receiving with $_REQUEST

Alvaro Carrasco alvaro at epliant.com
Thu Feb 28 13:28:24 MST 2008


Wade Preston Shearer wrote:
> It's obviously wise to only post a form using GET when you absolutely 
> need to or there are no security concerns involved, but what about on 
> the receiving end? Are there any reasons to not always receive with 
> $_REQUEST? I have heard people say that you should only use $_REQUEST 
> when you absolutely need to receive from both GET and POST, but if a 
> hacker can simulate a POST just as easy as GET then how is it insecure?
>
>
> wade
> net
Keep in mind that $_REQUEST will also include cookies, which might lead 
to unexpected results if you don't watch for it. You have to be 
especially careful if you are hosting multiple subdomains and some of 
them are using-domain wide cookies.

Alvaro


More information about the UPHPU mailing list