[UPHPU] receiving with $_REQUEST

William Attwood wattwood at gmail.com
Thu Feb 28 13:37:10 MST 2008


Most of the items have been touched on when it comes to $_GET, $_POST and
$_REQUEST.  I honestly believe it is good practice to identify the variables
you will be using and the method in which you receive them.  This way you
have complete control of how your application functions, leaving less room
for error.

Another item is of course variable overlapping where you may have a POST and
a GET with the same variable name, thereby over-writing one with the other..

Try to keep with good practice and remove the possibility of buggy code by
specifying your post type.  Getting into good practice will help down the
road.

-Will
>
>
>
> On Thu, Feb 28, 2008 at 1:28 PM, Alvaro Carrasco <alvaro at epliant.com>
> wrote:
>
> > Wade Preston Shearer wrote:
> > > It's obviously wise to only post a form using GET when you absolutely
> > > need to or there are no security concerns involved, but what about on
> > > the receiving end? Are there any reasons to not always receive with
> > > $_REQUEST? I have heard people say that you should only use $_REQUEST
> > > when you absolutely need to receive from both GET and POST, but if a
> > > hacker can simulate a POST just as easy as GET then how is it
> > insecure?
> > >
> > >
> > > wade
> > > net
> > Keep in mind that $_REQUEST will also include cookies, which might lead
> > to unexpected results if you don't watch for it. You have to be
> > especially careful if you are hosting multiple subdomains and some of
> > them are using-domain wide cookies.
> >
> > Alvaro
> >
> > _______________________________________________
> >
> > UPHPU mailing list
> > UPHPU at uphpu.org
> > http://uphpu.org/mailman/listinfo/uphpu
> > IRC: #uphpu on irc.freenode.net
> >
>
>


More information about the UPHPU mailing list