(snipped) "Ben" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Gustav Wiberg wrote: >> if (isset($_REQUEST["frmUsername"])) { >> >> $un = $_REQUEST["frmUsername"]; > > If you're going to use $_REQUEST you might as well just turn on register > globals (no, don't!). > > If you're expecting a post look for a $_POST, if you're expecting a get > look for a $_GET. Ditto with cookies. You really need to know where your > variables are coming from if you want a measure of security.
Why is using $_REQUEST a security issue? You know every value in the entire array came from the end-user, and needs to be validated somehow. If your code is written so the end-user can send this data to you via a POST/GET/COOKIE, why not use $_REQUEST? Just trying to learn. DanB -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
