> I'll say it again: > > regsiter_globals has *NOTHING* to do with $_REQUEST. > > Zero. > Zilch. > Nada. > Zip.
To me it allows for the same [lazy] behavior. Period. I've had other people agree. Say what you want about it. > No, it only relies on one "Designer" who wants their request to look > like a FORM and another "Designer" who wants their request to look > like a link. I've never had to write an app where I allow GET and POST. Either way can be created using a form, a button, a link, etc. Pick one and stick with it. > And I don't really *CARE* if the search terms (or whatever input it > its) comes from GET versus POST as there is NO Security difference > whatsoever. > > They need equal filtration. Agreed > The point is that GET and/or POST are equally tainted data, and that I > wish to provide the same services to either kind of request, and there > is NO DIFFERENCE between them for this service. I disagree with that approach to a web application. > You're still not getting the point. No, I get it. I was too vague in my original message. To me newbies picked up PHP easily because "hey, this query string variable is $foo just like when I do a post variable of $foo!" and $_REQUEST to them is their way to get around a register_globals = off installation. I've seen it many times with people just learning PHP. I associate the use of $_REQUEST with people new to PHP, because I've seen it many times. Also when told about $_GET, $_POST, $_COOKIE, etc... they realized how much cleaner that is and adjust appropriately. > There *ARE* valid reasons for allowing GET and POST to be used > inter-changably. > > Consider a stupid simple web "service" that lets you look up > Longitude, Latitude by zip code from their own website. > Do you really CARE if they use a link or a form to REQUEST the > long/lat with the zip input? > > No. You don't. You're right - I don't. But I tell them to use GET or POST and they prepare their client-side code appropriately. Both ways can be done. I don't make my applications lazy and then allow two interfaces to them when one is perfectly fine and allows for one consistent interaction method. > But please do NOT spread mis-information that using $_REQUEST un-does > what turning register_globals off does. Because that is simply not > factually correct, no matter how you feel about $_REQUEST. Eh, you call it mis-information. I call it advising on how to code a tighter web application. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
