[PHP] Re: trying to figure out the best/efficient way to tell whois loggedinto a site..

2005-09-14 Thread Dan Baker
Ben [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Dan Baker wrote: Why is using $_REQUEST a security issue? You know every value in the entire array came from the end-user, and needs to be validated somehow. If your code is written so the end-user can send this data to you via

[PHP] Re: trying to figure out the best/efficient way to tell whois loggedinto a site..

2005-09-14 Thread Ben
Dan Baker wrote: On the one hand, you can't trust anything that came from the client, but on the other if you're expecting a variable to come from a cookie and instead it comes from a get you know something weird is going on, but using $_REQUEST you'll be oblivious. You ought to know where

Re: [PHP] Re: trying to figure out the best/efficient way to tell whois loggedinto a site..

2005-09-14 Thread Edward Vermillion
Dan Baker wrote: Ben [EMAIL PROTECTED] wrote in message [snip] Interesting, but I think I wouldn't spend the extra code to detect if I was expecting a POST, but got a GET. If I didn't get the value from POST, I'd just assume it wasn't there -- I wouldn't go looking elsewhere for it, and

Re: [PHP] Re: trying to figure out the best/efficient way to tell whois loggedinto a site..

2005-09-14 Thread Richard Lynch
On Wed, September 14, 2005 4:03 pm, Ben wrote: using $_REQUEST you'll be oblivious. You ought to know where your variable values are coming from, $_REQUEST hides this. I think I must object to saying $_REQUEST hides this. $_REQUEST tells you it came from POST or GET (or COOKIE). Anyway, I have